The PennyWise malware is masquerading as crypto-coin mining software and being advertised in a variety of YouTube videos – showing that any communications method can be exploited for phishing attacks.
PennyWise malware on YouTube targets cryptocurrency wallets and browsers | TechRepublic
To help build confidence in the product, the threat actor has included a password for the archive – a common social engineering technique that quickly builds trust between the threat actor and the victim. The threat actor has also added a link to the well-respected website VirusTotal, to assure you that the file you are downloading is free of viruses and malware – this is, of course, total fiction. There is also “helpful” advice from the cyber criminal to turn off the virus and malware protection software on your computer if you have trouble downloading and installing their software! They reassure you that the software is completely safe!
Once installed, the malware targets a range of Chrome- and Mozilla-based browsers, as well as Opera and Microsoft Edge – stealing various system data and information before trying to exfiltrate it:
- Small RTF, DOC, DOCX, TXT and JSON files
- If the malware detects a browser it knows, it extracts all the sensitive information it can, including login credentials, cookies and encryption keys
- Discord tokens
- Telegram sessions
- The registry is searched for a range of cryptocurrency wallets
- Any cryptocurrency wallets in a range of folders are taken
- A screenshot of the user’s screen is taken
This is all zipped up and then sent out to the threat actor’s servers.
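The behaviour the post lists (browser credential stores, Discord tokens, Telegram sessions, wallet registry keys and folders, a sweep of small documents, a screenshot, then an outbound connection) is a pattern a defender can look for in endpoint telemetry. The following Python is an added example written for this page, not code from the article, TechRepublic or any vendor. The telemetry lines are constructed, the artefact paths are assumed illustrative locations (real products keep data in more places than this), the wallet names are an assumed starter list, and the 5-minute window, 3-category and 10-document thresholds are tuning choices, not values from the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed, illustrative artefact locations for the data classes the post lists.
# None of these patterns come from the article; tune them to your own inventory.
WALLET_NAMES = ["Exodus", "Electrum", "Ethereum"]  # assumed starter list, extend as needed
CATEGORY_PATTERNS = {
    "browser_secrets": [
        r"\\(Google\\Chrome|BraveSoftware\\Brave-Browser|Microsoft\\Edge|Opera Software)\\.*\\(Login Data|Cookies|Local State)$",
        r"\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
    ],
    "discord_token": [r"\\discord\\Local Storage\\leveldb\\"],
    "telegram_session": [r"\\Telegram Desktop\\tdata\\"],
    "wallet_registry": [r"^HKCU\\Software\\(" + "|".join(WALLET_NAMES) + r")\b"],
    "wallet_files": [r"\\(" + "|".join(WALLET_NAMES) + r")\\"],
    "document": [r"\.(rtf|docx?|txt|json)$"],  # checked last so logins.json stays a browser hit
}
COMPILED = {c: [re.compile(p, re.IGNORECASE) for p in ps] for c, ps in CATEGORY_PATTERNS.items()}
SMALL_FILE_LIMIT = 1_000_000  # bytes; the post says only *small* documents are taken (assumed cut-off)


def classify(event):
    """Map one telemetry event to the data class it touches, or None if it is not of interest."""
    kind, target = event["kind"], event["target"]
    if kind == "screenshot":
        return "screenshot"
    if kind not in ("file_read", "reg_query"):
        return None
    for cat, regexes in COMPILED.items():
        if any(r.search(target) for r in regexes):
            if cat == "document" and event.get("size", 0) > SMALL_FILE_LIMIT:
                return None  # large documents are not what a stealer sweeps up
            return cat
    return None


def correlate(events, window=timedelta(minutes=5), min_categories=3, doc_threshold=10):
    """One alert per process that touched several stealer-relevant data classes inside `window`,
    recording whether it then opened an outbound connection (possible exfiltration)."""
    by_proc = defaultdict(list)
    for e in events:
        by_proc[(e["pid"], e["proc"])].append(e)
    alerts = []
    for (pid, proc), evs in by_proc.items():
        evs.sort(key=lambda e: e["ts"])
        touched = defaultdict(set)  # category -> distinct targets read
        first_ts, outbound = None, []
        for e in evs:
            cat = classify(e)
            if cat is not None:
                first_ts = first_ts or e["ts"]
                if e["ts"] - first_ts <= window:
                    touched[cat].add(e["target"])
            elif e["kind"] == "net_connect" and first_ts is not None and e["ts"] >= first_ts:
                outbound.append(e["target"])
        # A single document read is normal; a sweep of many small ones is not.
        cats = sorted(c for c, targets in touched.items()
                      if c != "document" or len(targets) >= doc_threshold)
        if len(cats) >= min_categories:
            alerts.append({"pid": pid, "proc": proc, "categories": cats,
                           "exfil_suspected": bool(outbound), "destinations": outbound})
    return alerts


def _ev(ts, pid, proc, kind, target, size=0):
    return {"ts": datetime.fromisoformat(ts), "pid": pid, "proc": proc,
            "kind": kind, "target": target, "size": size}


U = r"C:\Users\alice\AppData"
# Constructed sample telemetry (not real logs): a fake "miner" sweeping every class the post
# names, plus benign noise from Word and from the browser reading its own store.
SAMPLE_EVENTS = [
    _ev("2024-01-01T10:00:01", 4242, "fake-miner.exe", "file_read", U + r"\Local\Google\Chrome\User Data\Default\Login Data", 40_960),
    _ev("2024-01-01T10:00:02", 4242, "fake-miner.exe", "file_read", U + r"\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\logins.json", 2_048),
    _ev("2024-01-01T10:00:03", 4242, "fake-miner.exe", "file_read", U + r"\Roaming\discord\Local Storage\leveldb\000005.ldb", 120_000),
    _ev("2024-01-01T10:00:04", 4242, "fake-miner.exe", "file_read", U + r"\Roaming\Telegram Desktop\tdata\key_datas", 4_096),
    _ev("2024-01-01T10:00:05", 4242, "fake-miner.exe", "reg_query", r"HKCU\Software\Electrum"),
    _ev("2024-01-01T10:00:06", 4242, "fake-miner.exe", "file_read", U + r"\Roaming\Electrum\wallets\default_wallet", 8_192),
    *[_ev(f"2024-01-01T10:00:{10 + i:02d}", 4242, "fake-miner.exe", "file_read",
          rf"C:\Users\alice\Documents\notes{i}.txt", 1_500) for i in range(12)],
    _ev("2024-01-01T10:00:30", 4242, "fake-miner.exe", "screenshot", "screen0"),
    _ev("2024-01-01T10:00:31", 4242, "fake-miner.exe", "net_connect", "203.0.113.10:443"),
    _ev("2024-01-01T10:01:00", 1001, "winword.exe", "file_read", r"C:\Users\alice\Documents\report.docx", 50_000),
    _ev("2024-01-01T10:01:05", 1001, "winword.exe", "net_connect", "198.51.100.7:443"),
    _ev("2024-01-01T10:02:00", 2002, "chrome.exe", "file_read", U + r"\Local\Google\Chrome\User Data\Default\Login Data", 40_960),
    _ev("2024-01-01T10:02:01", 2002, "chrome.exe", "net_connect", "198.51.100.8:443"),
]


def run_sample():
    return correlate(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Only the fake miner trips the rule: it touches seven data classes in thirty seconds and then connects out, while Word (one document, then a network call) and Chrome (its own credential store, then a network call) each hit at most one class. The point of correlating across classes rather than alerting on any single read is exactly that: the individual reads are things legitimate software does every day; the combination, followed by an archive going out, is what the post describes.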
You would think this type of attack would not work – but unfortunately it does. Someone somewhere will be looking for a cheap and easy way to get into crypto-mining and will search on YouTube for that video that will show them how to make money quickly.
It is this range of attacks, whether delivered by email, text, phone call – or now YouTube – that we look at in our Social Engineering and Phishing Training. We also discuss:
- Passwords, multi factor authentication and now passwordless best practice
- Business email compromise attacks and defences
- The do’s and don’ts of social media
- Insider threats – how you have to take cyber security steps even for your most trusted team members – let alone the night cleaner, caretaker or disgruntled employee
- Anti-virus and advanced threat protection tools
- Why you should always listen to and obey the prompts from your anti-virus and anti-malware software
- Plenty of options on how we deliver the training – choose the best to suit your situation
As well as bespoke training we have these options:
Cyber Awake | Train Your Team To Protect Against Cyber Attacks
Or this:
Clive Catton MSc (Cyber Security) – by-line and other articles