A new strain of crypto-malware is being spread via YouTube, tricking users into downloading software that’s designed to steal data from 30 crypto wallets and crypto-browser extensions.
Cyber intelligence company Cyble said in a June 30 blog post that it had been tracking the malware, known as “PennyWise” (likely named after the monster in Stephen King's horror novel “It”), since it was first identified in May.
“Our investigation indicates that the stealer is an emerging threat,” Cyble wrote in the post.
Data stolen from the victim's system comes in the form of Chromium and Mozilla browser information, including cryptocurrency extension data and login data. It can also take screenshots and steal sessions of chat applications such as Discord and Telegram.
The malware also targets cold crypto-wallets such as Armory, Bytecoin, Jaxx, Exodus, Electrum, Atomic Wallet, Guarda, and Coinomi, as well as wallets supporting Zcash and Ethereum, by looking for wallet files in the directory and sending a copy of the files to the attackers, according to Cyble.
The cybersecurity company noted that the malware is being spread through YouTube mining education videos that purport to offer free Bitcoin mining software.
The cybercriminals, or “threat actors,” upload videos instructing viewers to visit the link in the description and download the free software, while also encouraging them to disable their antivirus software, which enables the malware to run successfully.
Cyble said the attacker had as many as 80 videos on their YouTube channel as of June 30; however, the channel identified has since been removed.
A search by Cointelegraph found similar links to the malware remain on other smaller YouTube channels, with videos promising free NFT-mining,