Cybersecurity firm Cyble Research Labs recently discovered that a hacking group is spreading fake bitcoin mining software, using a previously unsuspected channel to deliver powerful malware: YouTube videos. The malware has been named PennyWise.

According to the researchers, the threat was detected after more than 80 videos were found, each with only a small number of views but all belonging to a single uploader. The videos share the same content: a tutorial on how a piece of bitcoin mining software works. Users can download the software for free via a link in the description.

What does PennyWise malware do?

To trick victims, PennyWise is described as secure software and comes with password protection for added credibility. The download also comes with a link to the VirusTotal online malicious content detection service. The package carries a warning as well: some antivirus products may mistakenly raise a false positive alert.

Like the sinister clown from the movie of the same name, PennyWise unleashes a lot of mischief: it steals system information, login credentials, cookies, encryption keys, and master passwords. It also copies Telegram sessions and Discord tokens, and takes screenshots. However, the main target of the malware seems to be potential cryptocurrency wallets and potential cold wallet data (off-blockchain).

After PennyWise collects all the information, it compresses it into a single file, sends it to a server controlled by the attackers, and self-destructs. The malware can also halt its own activity and stay "quiet" if it notices that analysis tools are running on the device. It also stops working if it detects that the victim's endpoint is in Russia, Ukraine, Belarus or Kazakhstan.

Source: Tec Mundo
