Cyble Research Labs, a cyber intelligence and security company, has released the findings of its probe into PennyWise, a new strain of digital asset-stealing malware spreading on YouTube, which it first identified in May.
According to a blog post by Cyble, the malware is an emerging threat to digital asset holders. It can steal digital assets-related data from users of over 30 Chromium and Mozilla-based browsers.
“Our investigation indicates that the stealer is an emerging threat… In its current iteration, this stealer can target over 30 browsers and cryptocurrency applications such as cold crypto wallets, crypto-browser extensions, etc.,” the firm stated.
The malware spreads through YouTube videos that purportedly teach viewers how to mine Bitcoin for free. These videos usually have a link to download the free block reward mining software, which is, in reality, a malicious file that perpetrates a hack on the user’s computer.
Once the file is downloaded and installed following the prompt to disable the computer’s antivirus, the malware steals the user’s browser information, including digital assets extension data and login data. It can also screenshot and steal sessions of chat applications such as Discord and Telegram.
The malware called “PennyWise” targets wallets supporting Zcash (ZEC) and Ether (ETH), as well as cold digital currency wallets such as Armory, Bytecoin, Jaxx, Exodus, Electrum, Atomic Wallet, Guarda, and Coinomi.
Meanwhile, the investigation also found that the PennyWise malware stops its operation if it detects that the victim is based in Russia, Ukraine, Belarus, or Kazakhstan. It also converts the stolen timezone data to Moscow Standard Time (MSK) when the data is sent back to the attackers.
The channel from which the malware started spreading had over 80 tutorial videos before it was taken down. However, links to the malware have also been found in other videos promoting free NFT minting airdrops and tutorials to download hacked or modded software and games.
Digital asset malware attacks becoming more rampant
Cyble warns that the PennyWise malware may already be evolving, although there is currently no information on the extent of its use by cybercriminals. The firm also recommends that internet users implement strict security measures and maintain vigilance.
PennyWise is not the only digital asset-jacking malware variant that has been discovered recently. Earlier this year, a purportedly pirated copy of the Marvel blockbuster movie “Spider-Man: No Way Home” was discovered to be spreading Monero mining malware.
According to a Chainalysis report, digital asset-jacking malware was responsible for 73% of the total value received by malware-related wallet addresses between 2017 and 2021. The firm warned that even “low-skilled cybercriminals” now use such malware to scam victims and are largely under the radar.