Search Inside Bitcoins

Hackers spread PennyWise crypto malware through YouTube

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

YouTube Sabotages Yet another Crypto Live Stream
YouTube Sabotages Yet another Crypto Live Stream

Join Our Telegram channel to stay up to date on breaking news coverage

Hackers are using YouTube to spread a new type of crypto-malware. This malware duped users into downloading software that steals data from cryptocurrency wallets and crypto browser extensions.

PennyWise crypto malware spread on YouTube

Cyble published a blog post on June 30 addressing this new malware known as PennyWise. The blog post noted that the malware was an “emerging threat.” A threat actor using this malware can gain access to more than 30 cryptocurrency applications, including crypto wallets and browser extensions.

The hackers can use this malware to access a wide range of system data, including login information and crypto extension data. The malware can also capture screenshots and infiltrate chat platforms like Telegram and Discord.

This malware can infiltrate many cold wallets, including Atomic Wallet, Armory, Bytecoin, Coinomi, Electrum, Exodus, Guarda, and Jaxx. Wallets used for Ethereum and Zcash are also vulnerable to this malware.

Buy Bitcoin Now

Your capital is at risk.

Cyble added that the hackers are using YouTube to deploy this malware. The hackers are posting videos to educate viewers about free software used for Bitcoin mining. They attach a link on the description urging the users to follow it and access the software. Users are even urged to uninstall antivirus software to allow the malware to be deployed.

While the channel has since been removed from YouTube, it is estimated that the attackers had quite a reach, given that they had posted around 80 videos on the channel. Moreover, the malware is still being circulated by other channels purporting to offer free NFT mining and other free software services.

The report further showed that the malware automatically disabled itself once it detected that the victim was located in Belarus, Kazakhstan, Russia, and Ukraine. The blog post also said that the malware changed the timezone data to depict Russian Standard Time (RST) after the data was sent back to the attacker.

Malware in the crypto space

This is not the first time malware targeting the crypto space has been detected. Earlier this year, malware known as Mars Stealer was detected after targeting cryptocurrency wallets that rely on the Chromium browser extensions, including Binance Chain Wallet, Coinbase, and MetaMask.

In January, Chainalysis warned that malware was even being spread by cybercriminals with no expert skills. Between 2017 and 2021, cryptojacking accounted for 73% of the value received from malware addresses.

Read more:

Join Our Telegram channel to stay up to date on breaking news coverage

Read next