Security researchers have documented a new malware family, KryptoCibule, whose purpose is to extract as much cryptocurrency as possible from its victims. To that end it steals wallet files, hijacks transactions, and mines on infected machines. The malware has been active for almost two years, adding functionality with each new version.
In a technical analysis published on Wednesday, researchers at ESET note that KryptoCibule relies heavily on the Tor network to communicate with its command-and-control (C2) servers.
It spreads through malicious torrents: archives posing as installers for pirated versions of popular software and games. When the victim runs the executable, the malware installs itself in the background while the expected installer for the cracked product runs in the foreground.
This decoy routine is what allowed the malware to stay unnoticed for so long. The focus on the Czech Republic and Slovakia appears deliberate: the researchers found that KryptoCibule's anti-analysis and anti-detection checks look specifically for ESET, Avast, and AVG (an Avast subsidiary) security products, all of which are headquartered in those two countries.
Cryptocurrency mining is resource-intensive and would normally draw a user's attention. Here, however, the miner is allowed to run only if there has been no user input for the last three minutes and the machine's battery level is above 30%.
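To make the throttling rule concrete, here is an added example (written for this page, not KryptoCibule's own code) of how a sample can implement an "idle for three minutes and battery above 30%" gate on Windows. The decision function is pure so it can be tested anywhere; the Win32 probe uses GetLastInputInfo and GetSystemPowerStatus through ctypes. The page gives only the two thresholds; how the real sample treats desktops without a battery is not stated, so treating "no battery" as "battery OK" is an assumption made here.

```python
"""Idle/battery gate for a miner, as described in the report.

Added example, not KryptoCibule's code. Only the two thresholds come from
the page; the handling of hosts without a battery is an assumption.
"""
import ctypes
import sys
from dataclasses import dataclass
from typing import Optional

IDLE_THRESHOLD_SECONDS = 3 * 60   # from the report: no user input for 3 minutes
BATTERY_THRESHOLD_PERCENT = 30    # from the report: battery must be above 30%


@dataclass
class HostState:
    idle_seconds: float
    battery_percent: Optional[int]  # None when the host has no battery / level unknown


def mining_allowed(state: HostState) -> bool:
    """Pure decision: mine only when the user is away and there is enough charge.

    Assumption (not from the page): a desktop with no battery reports None and
    is treated as passing the battery check, since the 30% rule cannot apply.
    """
    if state.idle_seconds < IDLE_THRESHOLD_SECONDS:
        return False
    if state.battery_percent is not None and state.battery_percent <= BATTERY_THRESHOLD_PERCENT:
        return False
    return True


def probe_windows() -> HostState:
    """Read idle time and battery level via Win32 (runs on Windows only)."""
    user32 = ctypes.windll.user32
    kernel32 = ctypes.windll.kernel32

    class LASTINPUTINFO(ctypes.Structure):
        _fields_ = [("cbSize", ctypes.c_uint), ("dwTime", ctypes.c_uint)]

    class SYSTEM_POWER_STATUS(ctypes.Structure):
        _fields_ = [
            ("ACLineStatus", ctypes.c_ubyte),
            ("BatteryFlag", ctypes.c_ubyte),
            ("BatteryLifePercent", ctypes.c_ubyte),
            ("SystemStatusFlag", ctypes.c_ubyte),
            ("BatteryLifeTime", ctypes.c_uint),
            ("BatteryFullLifeTime", ctypes.c_uint),
        ]

    kernel32.GetTickCount.restype = ctypes.c_uint32

    lii = LASTINPUTINFO()
    lii.cbSize = ctypes.sizeof(LASTINPUTINFO)
    if not user32.GetLastInputInfo(ctypes.byref(lii)):
        raise ctypes.WinError()
    # GetTickCount wraps every ~49.7 days; masking keeps the subtraction correct across the wrap.
    idle_ms = (kernel32.GetTickCount() - lii.dwTime) & 0xFFFFFFFF

    sps = SYSTEM_POWER_STATUS()
    if not kernel32.GetSystemPowerStatus(ctypes.byref(sps)):
        raise ctypes.WinError()
    # BatteryFlag bit 128 = no system battery; BatteryLifePercent 255 = unknown.
    no_battery = bool(sps.BatteryFlag & 128) or sps.BatteryLifePercent == 255
    return HostState(idle_ms / 1000.0, None if no_battery else int(sps.BatteryLifePercent))


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("The Win32 probe only runs on Windows; mining_allowed() is testable anywhere.")
    st = probe_windows()
    print(f"idle={st.idle_seconds:.0f}s battery={st.battery_percent} -> mine={mining_allowed(st)}")
```

For defenders, the useful takeaway is the pairing: a process that polls GetLastInputInfo and GetSystemPowerStatus and then starts or resumes a CPU-heavy child is a reasonable hunting heuristic, since a legitimate application rarely needs both values together right before a burst of work.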
Beyond its cryptocurrency focus, the threat includes tooling that gives its operators remote access to the compromised host: the attackers can deploy a backdoor built on the Pupy post-exploitation tool.