A new threat to cryptocurrency users who look for mining software on YouTube has caused concern among netizens in recent days. It is malware called “PennyWise” that tricks users into downloading software that can steal data from cryptocurrency wallets and browser extensions.
PennyWise can infect cold wallets such as Zcash, Armory, Bytecoin, Jaxx, Exodus, ETH, Electrum, Atomic Wallet, Guarda and Coinomi.
PennyWise and its features
According to cyber intelligence firm Cyble, fraudsters are spreading PennyWise as free BTC mining software.
So far, more than 80 YouTube videos have been counted that contain links to download the malware.
It was also revealed that PennyWise targets browsers based on Chrome, Mozilla, Opera and Microsoft Edge.
However, Cyble reported that the malware is designed not to steal from users in countries such as Russia, Ukraine, Belarus, and Kazakhstan.
How PennyWise Steals User Data
If the malware detects a known browser, it steals all of that browser's data, including login credentials, cookies, encryption keys and master passwords.
After infecting the system, the malware searches for cryptocurrency wallets like Litecoin, Dash and BTC before targeting cold storage wallets like Zcash, Armory, Bytecoin, Jaxx, Exodus, ETH, Electrum, etc.
Wallet files are stolen from a list of predefined folders, and cryptocurrency extensions in Chrome-based browsers, such as MetaMask, are also targeted.
Once collection is complete, the collected data is compressed and sent to an attacker-controlled server before being deleted from the computer.
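The sequence described above (collect browser and wallet data, compress, upload, delete) can serve as a detection heuristic over endpoint telemetry. The following is an added example, not code from the original article or from Cyble; the event format, the file-name markers and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed markers (not from the article): common browser credential-store file
# names, and wallet data assumed to live in a folder named after the wallet.
BROWSER_STORES = ("login data", "cookies", "local state", "logins.json", "key4.db")
WALLET_DIRS = ("zcash", "armory", "bytecoin", "jaxx", "exodus", "ethereum",
               "electrum", "atomic", "guarda", "coinomi")
ARCHIVE_EXT = (".zip", ".7z", ".rar")

def classify(action, target):
    """Map one event to a stage of the described behaviour, or None."""
    parts = target.lower().replace("\\", "/").split("/")
    if action == "read" and parts[-1] in BROWSER_STORES:
        return "browser"
    if action == "read" and any(p in WALLET_DIRS for p in parts[:-1]):
        return "wallet"
    if action in ("write", "delete") and parts[-1].endswith(ARCHIVE_EXT):
        return "archive" if action == "write" else "cleanup"
    return "upload" if action == "connect" else None

def find_stealer_like(events):
    """Return pids that read browser AND wallet data, then archive, upload, delete."""
    seen, flagged = defaultdict(set), []
    for pid, action, target in events:
        stage, s = classify(action, target), seen[pid]
        # A later stage only counts once the previous stage has been observed.
        if stage in ("browser", "wallet"):
            s.add(stage)
        elif stage == "archive" and {"browser", "wallet"} <= s:
            s.add(stage)
        elif stage == "upload" and "archive" in s:
            s.add(stage)
        elif stage == "cleanup" and "upload" in s and pid not in flagged:
            flagged.append(pid)
    return flagged

# Constructed sample telemetry as (pid, action, target); not real log data.
SAMPLE = [
    (100, "read", r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (100, "connect", "203.0.113.5:443"),      # a browser reading its own store
    (200, "read", r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Local State"),
    (200, "read", r"C:\Users\a\AppData\Roaming\Exodus\sample-wallet.dat"),
    (200, "write", r"C:\Users\a\AppData\Local\Temp\out.zip"),
    (200, "connect", "198.51.100.7:443"),
    (200, "delete", r"C:\Users\a\AppData\Local\Temp\out.zip"),
    (300, "read", r"C:\Users\a\AppData\Roaming\Electrum\wallets\sample_wallet"),
    (300, "write", r"D:\backup\wallets.zip"),  # backup tool, no browser access
]

if __name__ == "__main__":
    print(find_stealer_like(SAMPLE))
```

Requiring both browser-store and wallet reads before the archive step keeps a browser reading its own files, or a backup tool zipping a wallet folder, from being flagged on its own.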
How to protect yourself from this threat
To avoid this category of malware, it is necessary to consider a few factors:
- Software should never be downloaded from unverified or untrusted sources.
- Users should never disable their antivirus to install a new application.
- The antivirus or security product running on the computer must always be kept up to date, along with all other software and the operating system itself.
- You should avoid storing credentials in the browser.
- It is ideal to create a different password for each site or service.
- Two-factor authentication should be implemented when possible, so that a cybercriminal in possession of valid credentials cannot use them on any online service.