New Telegram Virus Targets AtomicWallet, BitcoinCore, ByteCoin, Exodus, Jaxx and Monero Cryptocurrency Wallets
A group of analysts at the cybersecurity company SafeGuard discovered malicious software (malware) that is actively spreading in Telegram channels for cryptocurrency trading.
According to the report, the malware called Echelon performs multiple functions, focusing on credentials, cryptocurrency wallets, and victim device information. The virus itself is distributed as a .rar file. In the sample studied by experts, the file was called “present) .rar”. The archive contained three files:
- “123.txt”, a text document containing a password.
- “DotNetZip.dll”, a non-malicious class library and toolkit for working with zip files.
- “Present.exe”, a malicious file that steals data from cryptocurrency wallets.
It turned out that the malware has several notable features. For example, when someone tries to use a debugger or standard malware analysis tools, the virus terminates the process immediately. The virus also checks which sites the victim connects to and even takes screenshots.
Besides Telegram, the virus targets other applications and web resources, including Discord, FileZilla, NordVPN, OpenVPN, Total Commander, and others. The following cryptocurrency wallets are at risk: Armory, Atomic Wallet, Bitcoin Core, ByteCoin, Dash Core, Electrum, Exodus, Ethereum, Jaxx, Litecoin Core, Monero and Zcash. The virus sends the stolen information to the proxy IP address 18.104.22.168, port 3128.
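A defender can turn the indicators reported above into a quick triage check. The following is an added example, not code from the SafeGuard report: it flags archive listings holding the three reported file names and sweeps connection logs for the reported endpoint. The log format (`timestamp host dst_ip dst_port`), host names and sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Indicators as reported in the article above.
EXFIL_IP = ipaddress.ip_address("18.104.22.168")
EXFIL_PORT = 3128
ARCHIVE_MEMBERS = {"123.txt", "dotnetzip.dll", "present.exe"}


def archive_matches(member_names):
    """True if an archive listing holds all three files named in the report."""
    base = {n.replace("\\", "/").rsplit("/", 1)[-1].lower() for n in member_names}
    return ARCHIVE_MEMBERS <= base


def sweep_connections(lines):
    """Return {host: [timestamps]} for connections to the reported endpoint.

    Assumed (hypothetical) log format: 'timestamp host dst_ip dst_port'.
    Port 3128 is a common proxy port, so IP and port must both match.
    Malformed lines are skipped rather than aborting the sweep.
    """
    hits = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, host, dst_ip, dst_port = parts
        try:
            if ipaddress.ip_address(dst_ip) == EXFIL_IP and int(dst_port) == EXFIL_PORT:
                hits[host].append(ts)
        except ValueError:
            continue  # unparseable address or port
    return dict(hits)


# Constructed sample data, not taken from a real environment.
SAMPLE_LOG = [
    "2020-12-01T10:00:01Z ws-014 192.0.2.10 443",
    "2020-12-01T10:00:07Z ws-022 18.104.22.168 3128",
    "2020-12-01T10:00:09Z ws-022 18.104.22.168 443",
    "garbled line",
    "2020-12-01T10:01:12Z ws-031 not-an-ip 3128",
    "2020-12-01T10:02:30Z ws-022 18.104.22.168 3128",
]
```

File names are easy for an attacker to change, so a match from `archive_matches` is a reason to look closer, and a miss proves nothing.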
In September 2020, the editors wrote that Microsoft had warned about a virus called Anubis. The malware steals the credentials of cryptocurrency wallets and credit cards, as well as other sensitive information from Windows computers. You can read about the similarities between ransomware viruses in Chainalysis in a special article by the BeInCrypto editorial staff.