Security researchers recently unveiled a new crypto-malware called Saefko. The remote-access trojan is being used to check which crypto websites users have visited.
Up for sale on the dark web
Saefko is now on sale on the dark web to allow malicious actors to hack into users’ devices and check if they visited a particular crypto website.
According to Zscaler ThreatLabZ, the new malware is dubbed Saefko and is written in .NET. It comes with Remote Access Tool (RAT) functionality that could let crypto criminals take over user accounts and even automate fraud.
Once a user’s computer is attacked, the malware opens a backdoor through which the hackers can control the computer. The hackers can get access to a user’s credentials and even monitor and log keystrokes. What is even more startling is that the malware can fetch the history from the Chrome browser and look for very specific types of activity, such as the use of credit cards and social media sites. They could also learn how a user shops and whether they use digital currency.
They can also remotely activate the webcam, format drives and even take screenshots on a user’s computer if they prefer. Simply put, the attacker can perform almost any task they want using the malware. It is usually transmitted via infected games and apps that users download to their devices.
Crypto users should be alarmed
As the malware is designed to find out your crypto activities, it could let the hackers know if you visited a particular crypto website. It could also collect data and send it to its remote server. It also comes with a secret updater tool that checks for any cryptocurrency-related info on a computer and controls the infrastructure to ensure that the hackers can get their hands on your crypto funds. This happens through a second-stage installation, once the hacker is convinced that they can compromise your system.
The researchers compiled a list of crypto sites that the malware searches for. It includes etoro.com, coinbase.com, cex.io, changelly.com, kraken.com, coincheck.com, binance.com, shapeshift.io, gemini.com, blockchain.com and news.bitcoin.com, among others.
The researchers also suggest that Saefko will install itself only when it is fully sure that it will not be detected. The malware also spreads quickly among computers connected to the same network. They suggest:
“To protect systems from RATs, users must refrain from downloading programs or opening attachments that aren’t from a trusted source. At the administrative level, it’s always a good idea to block unused ports, turn off unused services, and monitor outgoing traffic.”