CRYPTO MALWARE: how to avoid them

CRYPTO MALWARE AND YOUR CRYPTO WALLET ASSETS

Introduction

One of the challenges of navigating the cryptocurrency ecosystem is that many bad actors want to steal your money. Two of the common ways they do this are by exploiting vulnerabilities in some apps and by phishing unsuspecting users. This blog post highlights some known crypto malware that can affect your wallet and how to avoid it.

It is no longer enough to set up a crypto wallet and then store your private keys offline; you might still be at risk of losing your crypto. You need to take extra precautions, especially with the device you install your crypto wallet on. Your wallet is only as secure as the device it is on.

What is Crypto Malware?

Crypto malware is a type of malicious software designed to exploit a victim's device (phone, laptop) with the intent to cause harm. Such harm ranges from stealing sensitive data such as passwords and private keys, to using the device's computing resources to mine crypto (cryptojacking).

The most damaging of these is gaining access to the private keys of a crypto wallet on the device, which results in the loss of funds.

Common Crypto Malware

Some of the common crypto malware you should know about are as follows:

1. Pennywise Malware

The Pennywise malware is a trojan first identified in 2022, when it was spread predominantly through a YouTube channel created by the attacker. It disguises itself as free Bitcoin mining software.

The Pennywise malware tricks people into downloading the malware file after prompting them to first disable any antivirus on their system for a "smooth installation". As a rule, any software installation that prompts you to disable your antivirus is potentially harmful to your device and you should avoid it.

The malware can exploit vulnerabilities in some wallets and reveal their private keys in plain text to the attacker. See the screenshot below:

[Screenshot: Pennywise crypto malware revealing private keys]

Once you click on a malicious link that delivers the Pennywise file, it installs itself on your device. It can steal sensitive data such as passwords, private keys, browser extension data, and storage files on the device.

At the time, the Pennywise malware affected popular browsers such as Chrome, Explorer, and Chromium. It also affected many popular wallets, including Guardian, Atomic, Electron, Coinomi, Jaxx, and Exodus. Luckily for us, these vulnerabilities have since been fixed in these wallets. It remains paramount, however, that we avoid clicking on links from unverified sources.

2. Cryware

Cryware is a broad classification, highlighted by Microsoft, of malicious software that can harm your crypto wallets. It can steal your crypto assets through a variety of means, including the following:

  1. Keylogging malware – runs in the background and steals your passwords by recording your keystrokes.
  2. Clip and switch – the address you copy to your clipboard is replaced with the attacker's address.
  3. Ransomware – the attacker encrypts your files and then demands a ransom to decrypt them.
  4. Memory dumping – the private key of your wallet is read from the browser's process memory, where it may be visible in plain text.

[Screenshot: malware exposing private keys in a browser's memory]

Cryware is not one specific piece of malware but a collection of malware families that find various ways to compromise your device. An attacker may deploy any of the cryware types above to compromise your device and then steal from you.

3. Clipper Malware

The Clipper malware (a.k.a. clipboard malware) was first discovered in 2017 on the Windows platform. It steals your funds by hijacking the content of the clipboard and replacing it with something else supplied by the attacker. I have had the bitter experience of the Clipper malware (a.k.a. clip-and-switch malware), and it was particularly painful. You will often not notice it, as we inherently trust the content of our clipboard to be correct.

We usually do not memorize wallet addresses; rather, we naturally use the clipboard to copy an address when we want to make a transaction. The Clipper malware takes advantage of this by swapping the address we copied for the attacker's. The result is that we inadvertently send funds to the attacker instead of the intended recipient. This is made worse by the fact that crypto transactions are irreversible.

The Clipper malware affects both laptops and mobile devices and usually arrives through phishing links or malicious apps. Such apps will usually appear harmless: games, free VPNs, calculators, wallets, etc.

Sometimes they are even apps hosted on the Google Play Store. In 2019, ESET discovered a Clipper variant hosted on the Google Play Store, detected as Android/Clipper.C, which mimicked the legitimate MetaMask wallet. We should only install apps from trusted parties, even when those apps are on the Play Store.

How to Protect Your Crypto Assets from Malware

Here are some suggestions on what you can do to protect your device from crypto malware:

  1. Always keep your devices updated to the latest versions. Act on the never-ending update prompts from your phone and laptop; they come with security patches that address vulnerabilities as soon as they are identified.
  2. Do not install applications from unknown sources. Only use the wallet provider's official site to install its software. If you must use apps from the Play Store, make sure you install the correct app.
  3. Do not click on links from questionable sources such as Telegram private chats, social media feeds, etc.
  4. Disconnect your wallets from sites that interoperate with your wallet applications. Revoke wallet permissions after using them, even for legitimate sites.
  5. Always encrypt your private keys; do not store them in plain text.
  6. Confirm the recipient address before sending a transaction to it (this catches Clipper malware swaps).
  7. Do not store your private keys online, including in emails. Everything online is potentially vulnerable to hacks.
  8. Consider using a more secure environment to install your wallet applications. Linux systems are very resistant to hacks compared to traditional Windows devices.
  9. Invest in a hardware wallet and keep it offline.
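The clipper section above and item 6 of this list both come down to the same check: before you sign, compare the address the clipboard handed you with the address you actually meant to pay. The script below is an added example, not code from the original post or from any wallet project, that implements that check as a small pre-send guard. It assumes the "expected" address is read from an independent source (the recipient's invoice, QR code or a saved contact) and that only the syntax of Ethereum and legacy Bitcoin addresses needs to be recognised; the patterns check shape only, not checksums, and the sample addresses are constructed, not real wallets.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Shape-only patterns for two common address formats (assumption for this
# example: syntax is enough to spot swaps and cross-chain mistakes; checksum
# validation would need chain-specific libraries).
ADDRESS_PATTERNS = {
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "bitcoin-legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
}


def address_kind(text: str) -> Optional[str]:
    """Return which address family `text` looks like, or None if it matches none."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None


@dataclass
class AddressCheck:
    ok: bool
    reason: str
    expected_kind: Optional[str]
    pasted_kind: Optional[str]


def check_before_send(expected: str, pasted: str) -> AddressCheck:
    """Compare the address the user intends to pay against what the clipboard delivered.

    `expected` comes from an independent source (invoice, QR code, saved contact);
    `pasted` is whatever arrived through copy-and-paste.
    """
    expected, pasted = expected.strip(), pasted.strip()
    ek, pk = address_kind(expected), address_kind(pasted)
    if ek is None:
        return AddressCheck(False, "expected address is not in a recognised format", ek, pk)
    if pk is None:
        return AddressCheck(False, "pasted text is not a recognised address", ek, pk)
    if expected == pasted:
        return AddressCheck(True, "pasted address matches the expected address", ek, pk)
    if ek != pk:
        return AddressCheck(False, f"chain mismatch: expected {ek}, pasted {pk}", ek, pk)
    # Same family, same shape, different value: exactly what a clipper produces.
    return AddressCheck(False, "pasted address differs from expected: possible clipboard swap", ek, pk)


def visual_fingerprint(address: str, n: int = 6) -> str:
    """Head and tail of an address for a manual side-by-side check before signing."""
    address = address.strip()
    return f"{address[:n]}...{address[-n:]}"


# Constructed sample addresses (not real wallets): valid in shape only.
INTENDED_ETH = "0x1111111111111111111111111111111111111111"
SWAPPED_ETH = "0x2222222222222222222222222222222222222222"
SAMPLE_BTC = "1Aa2Bb3Cc4Dd5Ee6Ff7Gg8Hh9JjKkMmNn"

if __name__ == "__main__":
    # Simulate four things the clipboard might hand back for one intended payment.
    for pasted in (INTENDED_ETH, SWAPPED_ETH, SAMPLE_BTC, "not an address"):
        result = check_before_send(INTENDED_ETH, pasted)
        print(f"{visual_fingerprint(pasted):>20}  ok={result.ok}  {result.reason}")
```

Note that the guard only helps when `expected` is obtained without going through the clipboard; if both sides are pasted on the same infected machine, a clipper can rewrite both. The `visual_fingerprint` head-and-tail is what you compare by eye against the recipient's own listing, since clippers frequently generate attacker addresses that share the first few characters with the victim's target.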

Conclusion

It is important to know about the different kinds of malicious software and how attackers use them to steal crypto assets. Common examples are the Clipper malware, the various cryware families, and the Pennywise malware.

The main way to protect your wallet from attackers is to keep the devices that host your wallet free of malicious links and applications. Do not click on any link you have not verified, and do not install apps from untrusted sources. Other practices that keep you safe include keeping your devices updated and adding an extra layer of security such as a wallet security extension.

More about keeping safe: HOW TO AVOID PHISHING SCAMS
