PennyWise malware on YouTube targets cryptocurrency wallets and browsers
Learn more about how this stealer malware operates and how to protect yourself from it now.
by Cedric Pernet in Security
on July 5, 2022, 6:48 AM PDT
A new stealer dubbed PennyWise by its developers has appeared recently, exposed by Cyble Research Labs. The researchers observed multiple samples of the malware in the wild, making it an active threat. The threat focuses on stealing sensitive browser data and cryptocurrency wallets, and it comes as the Pentagon has raised concerns about the blockchain.
An unusual way of spreading: YouTube
The malware pretends to be a free Bitcoin mining application, which is advertised in, and can be downloaded from, a YouTube video (Figure A).
While this screen capture shows a very limited number of viewers, Cyble has observed over 80 videos on YouTube used for mass infection, all hosted on the threat actor’s YouTube channel.
As users watch the video, they are enticed to download a password-protected archive that supposedly contains the advertised Bitcoin mining software but in fact contains the PennyWise malware.
The use of a password-protected archive is a known social engineering method for building trust, as users tend to be less suspicious of password-protected content.
In an additional attempt to appear legitimate, the threat actor adds a link to VirusTotal showing antivirus results for a clean file that is not the malware. The threat actor also tells users that they might need to turn off their antivirus if the download is blocked, claiming that the file is completely safe (Figure B).
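The VirusTotal lure described above can be checked rather than trusted: a VirusTotal file report URL names the SHA-256 of the file that was scanned, so the hash of what was actually downloaded must match it, and even a matching report on a password-protected archive only covers the wrapper the scanners could read. The following Python is an added example, not part of the article or of Cyble's research; it assumes the report URL carries a SHA-256 and builds its own harmless sample archive instead of touching any real file.

```python
import hashlib, os, re, tempfile, zipfile

# VirusTotal file reports embed the SHA-256 of the analysed file in the URL
# (assumed format: https://www.virustotal.com/gui/file/<64 hex chars>/detection).
VT_FILE_RE = re.compile(r"virustotal\.com/(?:gui/)?file/([0-9a-fA-F]{64})")

def hash_from_vt_link(url: str):
    m = VT_FILE_RE.search(url)
    return m.group(1).lower() if m else None

def sha256_of_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def is_password_protected_zip(path: str) -> bool:
    # Bit 0 of an entry's general-purpose flag marks it as encrypted.
    if not zipfile.is_zipfile(path):
        return False
    with zipfile.ZipFile(path) as zf:
        return any(info.flag_bits & 0x1 for info in zf.infolist())

def assess_download(vt_link: str, path: str) -> dict:
    # Compare the hash the VT link vouches for with the file actually downloaded.
    claimed, actual = hash_from_vt_link(vt_link), sha256_of_file(path)
    encrypted = is_password_protected_zip(path)
    if claimed != actual:
        verdict = "VT report is for a different file than the one downloaded"
    elif encrypted:
        verdict = "hash matches, but scanners only saw an encrypted wrapper"
    else:
        verdict = "VT report describes this exact file"
    return {"sha256": actual, "vt_hash_matches": claimed == actual,
            "password_protected": encrypted, "verdict": verdict}

def write_sample_zip(encrypted_flag: bool = False) -> str:
    # Constructed fixture: a one-entry ZIP of harmless text; optionally set the
    # 'encrypted' bit in both headers to mimic a password-protected archive.
    path = os.path.join(tempfile.mkdtemp(), "miner.zip")
    with zipfile.ZipFile(path, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("miner.txt", b"constructed placeholder, not a program")
    if encrypted_flag:
        data = bytearray(open(path, "rb").read())
        data[6] |= 0x01                              # local file header flag
        data[data.find(b"PK\x01\x02") + 8] |= 0x01   # central directory flag
        open(path, "wb").write(data)
    return path
```

Running `assess_download("https://www.virustotal.com/gui/file/" + "0" * 64, write_sample_zip(encrypted_flag=True))` reproduces the lure: the report hash does not match the download, so the clean verdict the link shows is irrelevant to the file in hand.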
https://www.techrepublic.com/article/pe ... be-crypto/