Cheap malware is behind a rise in attacks on cryptocurrency wallets

A rise in cheap, easy-to-use malware means it's easier than ever for cyber criminals to steal cryptocurrency. 

Cryptocurrency has long been a popular target for organised cyber criminals, whether they're stealing it outright from cryptocurrency exchanges, or demanding it as an extortion payment in ransomware attacks. 

But the growing value of cryptocurrency means it has quickly become a key target for cyber criminals and they're increasingly launching attacks that aim to steal cryptocurrency from the wallets of individual users. 

SEE: A winning strategy for cybersecurity (ZDNet special report)

Research by Chainalysis warns that cryptocurrency users are increasingly under threat from malware including information stealers, clippers – which allow attackers to replace text the user has copied, redirecting cryptocurrency to their own wallets – and trojans, all of which can be purchased for what's described as "relatively little money" on cyber-criminal forums. 

For example, a form of info-stealer malware called Redline is advertised on Russian cybercrime forums at $150 for a month's subscription, or $800 for 'lifetime' access. For a cyber criminal looking to steal cryptocurrency, it's sadly highly likely they'll make back the money paid for the malware within a handful of attacks. 

The illicit service also provides users with a tool that allows attackers to encrypt the malware so it's more difficult for anti-virus software to detect, increasingly the likelihood of attacks successfully stealing cryptocurrency from compromised victims. 

"The proliferation of cheap access to malware families like Redline means that even relatively low-skilled cyber criminals can use them to steal cryptocurrency," warns the report. 

Overall, the malware families in the report have received 5,974 transfers from victims in 2021, up from 5,449 in 2020 – although that's down significantly on 2019, which saw more that 7,000 transfers.

But Redline is just one example of malware being designed to steal cryptocurrency and there's a growing market in this space. 

Of the incidents tracked, Crypobot, an infostealer was the most prolific theft of cryptocurrency wallets and account credentials, stealing almost half a million dollars in cryptocurrency in 2021.  

In addition to this, success in stealing cryptocurrency from users could easily push more ambitious cyber criminals to target organisations and even cryptocurrency exchanges, meaning that the threat of cyber criminals targeting crypto wallets and credentials is something organisations need to consider. 

"The cybersecurity industry has been dealing with malware for years, but the usage of these malicious programs to steal cryptocurrency means cybersecurity teams need new tools in their toolbox," says the blog post.

"Likewise, cryptocurrency compliance teams already well-versed in blockchain analysis must educate themselves on malware in order to ensure these threat actors aren't taking advantage of their platforms to launder stolen cryptocurrency," it said. 

MORE ON CYBERSECURITY

• How to keep your bank details and finances more secure online
• Report: $2.2 billion in cryptocurrency stolen from DeFi platforms in 2021
• This stealthy malware delivers a 'silent threat' that wants to steal your passwords
• SnatchCrypto campaign plants backdoors in crypto startups, DeFi, blockchain networks
• WeSteal: A 'shameless' cryptocurrency stealer sold in the underground