Microsoft, one of the largest technology corporations in the world, has discovered a new malware called Anubis, which is capable of stealing credentials and other sensitive data from cryptocurrency wallets.
The new malware, known as Anubis, uses a fork of the code of the known Loki malware to steal sensitive information from affected users, such as login IDs, cryptocurrency wallets, confidential system information, and credit card data, among others. It was discovered in June by Microsoft Security Intelligence, which reported via its Twitter account that Anubis is now being actively and openly distributed on the Internet.
According to Microsoft, the new malware is not part of the Android banking malware family that bears the same name, but is instead a derivative of Loki that is delivered through unsafe websites or through email attachments of dubious origin.
“Anubis is being deployed in what appear to be limited initial campaigns that have so far only used a handful of known download URLs and C2 servers.”
Tanmay Ganacharya, director of Microsoft's Research and Security area, says that this malware has the ability to steal confidential information and send it to a C2 server through an HTTP POST command; a device can be infected when a file is downloaded or a web form is submitted.
Ganacharya also explains that once the device is compromised and Anubis is successfully executed, the POST command sends the stolen sensitive information to the server. That information can include usernames and passwords, credentials saved in browsers, credit card information, and cryptocurrency wallet IDs.
Microsoft's recommendations for protecting against Anubis malware
First of all, Microsoft's team of security researchers recommends that users do not visit unknown websites or web pages, and do not download or open attachments in suspicious emails or in emails from unknown addresses. The experts also advise against opening links that lead to unknown, strange or suspicious websites.
Likewise, the experts' recommendations include keeping anti-malware on devices and computers up to date, as well as scanning and analyzing these devices frequently.
Ganacharya recommends that when accessing sensitive accounts from a browser, such as banking applications or cryptocurrency exchanges, users rely on secure or private browsers that can prevent malware from recording keystrokes or taking screenshots. Remember that this malware was designed to capture and steal confidential information from victims, and also to go unnoticed once it infects a device.
In addition, to keep their computers safe, Ganacharya recommends that users enable the blocking of potentially unwanted applications in Microsoft Defender, and obtain protection against cryptocurrency miners and other software that can degrade the performance of computers and devices.
Finally, Microsoft is updating Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) to detect Anubis and other malware. Microsoft Defender ATP uses cloud protection powered by Artificial Intelligence (AI) to defend against new threats in real time.
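The recommendations above map onto a handful of Microsoft Defender Antivirus settings that can be audited and enforced from PowerShell. The script below is an added example written for this page, not code from the article or from Microsoft; it assumes Windows 10/11 with Microsoft Defender Antivirus active and an elevated PowerShell session.

```powershell
# Added example (not from the article): audit and harden the Defender settings the
# recommendations touch on: PUA blocking, cloud-delivered protection, current
# signatures and a fresh scan. Assumes an elevated session on Windows 10/11.

$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# Report the current state before changing anything.
[PSCustomObject]@{
    PUAProtection        = $pref.PUAProtection          # 0 = off, 1 = block, 2 = audit only
    MAPSReporting        = $pref.MAPSReporting          # 0 = off, 1 = basic, 2 = advanced
    SubmitSamplesConsent = $pref.SubmitSamplesConsent   # 1 = safe samples, 3 = all samples
    RealTimeProtection   = $status.RealTimeProtectionEnabled
    SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
} | Format-List

# 1. Block potentially unwanted applications (the "blocking of unwanted applications"
#    recommendation), which also covers bundled miners and similar software.
if ($pref.PUAProtection -ne 1) {
    Set-MpPreference -PUAProtection Enabled
}

# 2. Turn on cloud-delivered protection so unknown samples are checked in real time.
if ($pref.MAPSReporting -ne 2) {
    Set-MpPreference -MAPSReporting Advanced
}
if ($pref.SubmitSamplesConsent -notin 1, 3) {
    Set-MpPreference -SubmitSamplesConsent SendSafeSamples
}

# 3. Keep real-time protection on and signatures current.
if (-not $status.RealTimeProtectionEnabled) {
    Set-MpPreference -DisableRealtimeMonitoring $false
}
Update-MpSignature

# 4. Scan now; ScanScheduleDay / ScanScheduleTime on Set-MpPreference make it recurring.
Start-MpScan -ScanType QuickScan
```

If Tamper Protection is enabled, some of these Set-MpPreference changes are refused and must be made through the Windows Security app or the organisation's management platform instead.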
Development of new malware and the security of cryptocurrencies
Although the Anubis malware was not designed exclusively to steal credentials in cryptocurrency wallets, it does have the potential to capture keystrokes when entering this confidential information. Therefore, it is important that users of Windows operating systems follow the recommendations of experts to prevent their devices and equipment from becoming infected.
The current rise and popularity of cryptocurrencies has led several malicious actors to develop new software and strategies that are having an increasing impact within cryptocurrency ecosystems. In this regard, the CTO of Bitfinex, Paolo Ardoino, noted that less experienced cryptocurrency users may store their wallet seeds on a computer for fear of losing them, which undoubtedly puts the security of their assets at risk if that computer is compromised by malware like Anubis.
“Over the past three years we have seen an increasing number of malware targeting users’ computers that, in addition to attempting to record/steal passwords, are specialized in harvesting information from the victim’s system in search of cryptocurrency.”
Finally, the expert points out that currently, due to the economic crisis and the pandemic that is being experienced worldwide, this type of attack has grown considerably.