The Slovak cybersecurity company ESET has described new malware that both mines and steals cryptocurrency and mainly targets Czech (47 percent of victims) and Slovak (41 percent) users. The malware, named KryptoCibule, spreads through malicious torrents posing as pirated games and software; most of these files were hosted on Uloz.to.
The name KryptoCibule was derived from Tor's onion symbol (cibule is the Czech word for onion). The fitting name was coined not by ESET's Czech and Slovak branches but by its office in Montreal.
According to ESET, "KryptoCibule misuses the victim's resources to mine cryptocurrency for the attacker's benefit, attempts to redirect financial transactions by changing the cryptocurrency address when it is copied, and also attempts to steal files related to cryptocurrencies, passwords and banking. All this uses various techniques that help the malicious code evade detection. KryptoCibule uses the Tor network as well as the BitTorrent protocol in its communication infrastructure."
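The second capability in that quote, swapping a wallet address at the moment it is copied, is usually called clipboard hijacking: the malware watches the clipboard and, when it sees text that looks like a wallet address, overwrites it with the attacker's address so that the victim pastes the wrong recipient. The following detection heuristic is an added example written for this page; it is not ESET's code and not the malware's, and the event shape, process names and wallet addresses in it are constructed. It feeds a monitor's record of clipboard writes (time, new contents, the process that wrote the clipboard, the process in the foreground) through a simple rule: an address replaced by a different address of the same family, within a couple of seconds, by a process that is not the one the user is working in, is a swap.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Address shapes used to recognise wallet addresses (constructed for this example;
# syntax only, no checksum validation, so they are a heuristic, not a validator).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth":        re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def address_type(text: str) -> Optional[str]:
    """Return the wallet-address family the text looks like, or None."""
    s = text.strip()
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(s):
            return name
    return None


@dataclass
class ClipboardEvent:
    """One clipboard write as a monitor would record it (constructed shape).

    On Windows such a monitor would register for WM_CLIPBOARDUPDATE and record
    the owner via GetClipboardOwner() and the focused process via
    GetForegroundWindow(); here the events are supplied inline.
    """
    t: float          # seconds since the monitor started
    text: str         # new clipboard contents
    owner: str        # process that wrote the clipboard
    foreground: str   # process that had keyboard focus at the time


@dataclass
class SwapAlert:
    t: float
    owner: str
    kind: str
    original: str
    replacement: str


def detect_address_swaps(events: List[ClipboardEvent], max_gap: float = 2.0) -> List[SwapAlert]:
    """Flag a clipboard write that replaces a wallet address with a different one
    of the same family, shortly after the original was copied, made by a process
    other than the one in the foreground (i.e. not the user's own copy)."""
    alerts: List[SwapAlert] = []
    for prev, cur in zip(events, events[1:]):
        kind = address_type(prev.text)
        if kind is None or address_type(cur.text) != kind:
            continue                      # not an address-for-address replacement
        if prev.text.strip() == cur.text.strip():
            continue                      # same address rewritten; nothing changed
        if cur.owner == cur.foreground:
            continue                      # the focused application wrote it: a normal copy
        if cur.t - prev.t > max_gap:
            continue                      # too slow to be an automatic swap
        alerts.append(SwapAlert(cur.t, cur.owner, kind, prev.text.strip(), cur.text.strip()))
    return alerts


# Constructed clipboard history: the user copies an ETH address from the browser and
# 100 ms later a background process ("unknown_bg.exe", a made-up name) replaces it.
# The later BTC copies are made by the foreground browser itself and must not alert.
SAMPLE_EVENTS = [
    ClipboardEvent(0.0,  "hello",            "notepad.exe",    "notepad.exe"),
    ClipboardEvent(5.0,  "0x" + "ab" * 20,   "chrome.exe",     "chrome.exe"),
    ClipboardEvent(5.1,  "0x" + "cd" * 20,   "unknown_bg.exe", "chrome.exe"),
    ClipboardEvent(30.0, "1" + "A" * 33,     "chrome.exe",     "chrome.exe"),
    ClipboardEvent(45.0, "1" + "B" * 33,     "chrome.exe",     "chrome.exe"),
]


if __name__ == "__main__":
    for alert in detect_address_swaps(SAMPLE_EVENTS):
        print(f"t={alert.t:.1f}s {alert.owner} swapped {alert.kind} address "
              f"{alert.original} -> {alert.replacement}")
```

The owner-versus-foreground check is what separates a hijack from the user simply copying a second address: a clipboard swapper runs in the background, so it is never the focused window when it writes. The rule is deliberately narrow (same address family, short gap) to keep false positives down; a real monitor would also want to log the writing process's image path for triage.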
Several versions of KryptoCibule have been identified, and its evolution has been traced back to 2018. The Trojan remains active and keeps gaining new features. Among other things, to avoid drawing attention, it stops mining when the battery level of the infected device drops below 10 percent. A detailed technical analysis is available here.