Malware disguised as a Python-based trading bot has reportedly targeted crypto traders in a multi-vector supply chain attack.

According to a new blog post by cloud-based cybersecurity firm Checkmarx, crypto enthusiasts have been targeted by advanced malware cloaked as a suite of artificial intelligence (AI)-based crypto trading tools that aim to steal sensitive data and drain crypto wallets.

Checkmarx says the malware was distributed through the code-sharing platform GitHub and PyPI (Python Package Index), a centralized repository for Python packages, and targeted both Windows and Mac operating systems.

According to Checkmarx, the malware used a deceptive graphical user interface to distract victims and a multi-stage infection process that led victims to a fake website.

“The CryptoAITools malware employs a sophisticated multi-stage infection process, leveraging a fake website to deliver its secondary payloads…

A unique aspect of this attack, compared to many malicious packages we have seen in the past, is that the CryptoAITools malware incorporates a graphical user interface (GUI) as a key component of its social engineering strategy.

This GUI appears the moment the second-stage malware is activated and presents itself as an ‘AI Bot Starter’ application. It is designed to distract users and collect sensitive information while the malware operates covertly.”

The attacker also set up a Telegram channel masquerading as the product’s tech support, further tricking users with offers of free trials.

“In the Telegram chat, the attacker employs various tactics to lure potential victims. They offer ‘bot support’ to establish credibility and trust. To entice users, they promote their GitHub repository as hosting their ‘most powerful bot,’ appealing to those seeking advanced trading tools.

The attacker then proposes an attractive offer: a free trial period followed by a monthly subscription model, making the proposition seem both risk-free and professional.”

Checkmarx says the malware had “severe” consequences for its victims, including the potential theft of their identities, browser data, sensitive computer files, and digital assets.

Generated Image: Midjourney

dailyhodl.com