
This Malware Generated $2 Million After Abusing 222,000 Windows Systems


Avast researchers published a report on Thursday regarding the discovery of a cryptocurrency mining malware that abuses Windows Safe mode and has likely generated more than 9,000 Monero coins (estimated today at around $2 million) after exploiting more than 222,000 Windows systems since 2018.

The latest version of Crackonosh, as Avast dubbed it, spreads through illegal cracked copies of popular software, also known as “warez”, which are distributed on various torrent sites and forums.

The malware continues to infect systems worldwide, affecting 222,000 unique devices in more than a dozen countries since December 2020. As of May, the malware was still getting about 1,000 hits a day. The researchers have already spotted 30 different versions of the malware, the most recent of which appeared in November 2020.

According to Daniel Beneš, a malware analyst for antivirus maker Avast, the worst-hit region is the Philippines, with 18,448 victims; followed by Brazil (16,584); India (13,779); Poland (12,727); the United States (11,856); and the United Kingdom (8,946).

The researchers started investigating the threat after they received reports that Crackonosh was disabling and uninstalling Avast's antivirus from infected devices. The company later discovered that Crackonosh was also disabling many other popular antivirus products, as well as Windows Defender and Windows Update, as part of an advanced set of anti-detection and anti-forensics tactics meant to allow the malware to remain undetected on infected hosts.

Once Crackonosh has weakened an infected host, it runs XMRig, a cryptocurrency miner that lets the attackers mine Monero using the victim’s hardware, to earn a profit from infected computers. Earlier this month, the company identified another crypto-miner, named DirtyMoe, which infected more than 100,000 systems. The difference between the two is that DirtyMoe was primarily spread using an SMB worm and that its developer appears to be based in China rather than Europe.

“As long as people continue to download cracked software, attacks like these will continue and continue to be profitable for attackers. The key take-away from this is that you really can’t get something for nothing and when you try to steal software, odds are someone is trying to steal from you,” Beneš said.

$2 Million Cryptocurrency Controversy Linked with WallStreetBets Investors


According to a Bloomberg News story, a cryptocurrency scheme recently took at least $2 million from Wall Street Bets investors by enticing them to invest in new crypto coins associated with the famous meme stock.

Moderators of the infamous Reddit forum had been warning users for weeks about fraud that trades on the good reputation of WSB. A published post called on members of the community to be wary of offers made in WSB's name.

“People keep posting a press release about an official Wall Street Bets distributed app. (Aka, a crypto pyramid scheme). Nothing could be further from the truth. We are strongly anti-monetization. This scam has nothing to do with us,” as per the report. 

Many people missed the memo, and a number of WSB enthusiasts have recently been scammed by this kind of offer. Specifically, an offer was recently made available on the chat app Telegram by an account named "Wall Street Bets — Crypto Pumps". This "Crypto Pumps" account claimed to offer WSB enthusiasts the opportunity to invest in a new crypto token called "WSB Finance." In the cryptocurrency world such an arrangement is called a "presale," which allows early investors to buy a token before it is listed on an exchange and distributed more widely to the public.

Potential buyers were instructed to send Binance Coin or Ether to a crypto wallet and then contact a "token bot" on the site, which would transfer the WSB Finance tokens to the user. Before long, ETH and BNB were flowing into the Crypto Pumps wallet.

There was a catch for the buyers, however. Soon after the coins had been pocketed, "Crypto Pumps" alerted everyone that the bot was faulty, and told users to send more crypto or “lose their initial investment,” Bloomberg reports, which led to even more payments flowing in.

Naturally, the "WSB Finance" tokens do not exist, and the coins never appeared. Whoever the fraudsters were, they made off with some 3,451 Binance Coin, a total of roughly $2.1 million once converted into real-world currency. The suspects may also have collected an unspecified amount in Ether.

Before the “Crypto Pumps” profile disappeared from Telegram, the page’s administrator had one final message to share. The fraudster wanted victims to know how the ill-gotten winnings would be spent: “Buying Lambo now,” they said.