InsideBitcoins.com

New Malware Family KryptoCibule Is Launching Triple-Threat Attacks

Game torrents and pirated software are helping spread a previously undocumented malware family, KryptoCibule. The malware launches a triple-threat attack and also deploys remote-access Trojan (RAT) functionality to open backdoors on victims' machines.

Pirated content being used to spread malware

ESET researchers note that the malware is primarily spreading in Slovakia and the Czech Republic via software torrents and pirated content. The researchers posted an analysis on Wednesday, saying:

“KryptoCibule is spread through malicious torrents for ZIP files whose contents masquerade as installers for cracked or pirated software and games. Almost all the malicious torrents were available on uloz.to; a popular file-sharing site in Czechia and Slovakia.”

The name KryptoCibule is derived from the Czech and Slovak words for “crypto” and “onion.” It was chosen because the malware relies on legitimate software and platforms such as the Tor network, the BitTorrent protocol, Apache httpd, the Transmission torrent client, and the Buru SFTP server. The researchers noted that the malware dates back to December 2018.

Three-pronged attack

Once it infects a computer, the malware starts mining Ethereum and Monero. It can also hijack the user’s transactions by replacing wallet addresses on the clipboard so that cryptocurrency is sent to the attacker’s address. In addition, it can steal cryptocurrency-related files from the user.

According to ESET, the latest versions of the malware run XMRig, an open-source program used to mine Monero. They also use another open-source program, kawpowminer, which mines Ethereum using the GPU. Both miners connect to an operator-controlled mining server through a Tor proxy.

The malware checks the battery level and the time since the last user input, and starts or stops the miners based on this information. If the user has not provided any input in the past three minutes and the battery is at 30% or more, both the CPU and GPU miners run without limits. Otherwise, the GPU miner is suspended and the CPU miner runs on only one thread. Mining stops entirely when the battery level is near 10%, so that the user doesn’t suspect anything.
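As an added example (not from ESET's analysis or the original article), the following hunting heuristic flags hosts whose CPU and GPU load follows the idle and battery gate described above. The telemetry samples are constructed, and the `min_gap` and `min_per_state` thresholds and the exact 10% cut-off are assumptions.

```python
from dataclasses import dataclass
from statistics import mean

IDLE_SECS = 180     # "past three minutes" (from the article)
BATTERY_FULL = 30   # "at least 30% battery" (from the article)
BATTERY_STOP = 10   # "near 10%"; exact cut-off is an assumption

@dataclass
class Sample:
    idle_secs: int    # seconds since last keyboard/mouse input
    battery_pct: int
    cpu_pct: float    # total CPU utilisation
    gpu_pct: float    # total GPU utilisation

def expected_state(s):
    """Miner state the article describes for these conditions."""
    if s.battery_pct <= BATTERY_STOP:
        return "stopped"
    if s.idle_secs >= IDLE_SECS and s.battery_pct >= BATTERY_FULL:
        return "full"
    return "throttled"

def idle_gated_load(samples, min_gap=40.0, min_per_state=3):
    """True when load is much higher inside the gate than outside it."""
    full = [s for s in samples if expected_state(s) == "full"]
    rest = [s for s in samples if expected_state(s) != "full"]
    if len(full) < min_per_state or len(rest) < min_per_state:
        return False  # not enough evidence on both sides of the gate
    cpu_gap = mean(s.cpu_pct for s in full) - mean(s.cpu_pct for s in rest)
    gpu_gap = mean(s.gpu_pct for s in full) - mean(s.gpu_pct for s in rest)
    return cpu_gap >= min_gap and gpu_gap >= min_gap

# Constructed telemetry: load appears only while idle with enough battery.
SUSPECT = [Sample(10, 80, 14, 3), Sample(60, 80, 13, 2),
           Sample(200, 80, 97, 95), Sample(400, 78, 98, 96),
           Sample(600, 75, 97, 94), Sample(5, 74, 15, 4),
           Sample(300, 9, 4, 1)]
# Constructed telemetry: ordinary use, busy while active and quiet while idle.
NORMAL = [Sample(5, 90, 45, 20), Sample(20, 88, 60, 30),
          Sample(240, 85, 5, 1), Sample(500, 84, 4, 0),
          Sample(900, 83, 6, 1), Sample(2, 82, 50, 25)]

if __name__ == "__main__":
    print("suspect host flagged:", idle_gated_load(SUSPECT))
    print("normal host flagged:", idle_gated_load(NORMAL))
```

Legitimate idle-scheduled work such as backups or indexing can produce the same shape, so a hit is a lead for process-level inspection rather than a verdict.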

Sherlock Gomes loves to write and express his views on anything related to Crypto. He has been covering Crypto for more than two years now. He likes Bitcoin and Cardano. He also writes on Finance, Healthcare, and Technology among other stuff. He can be reached by e-mail on sherlockg@insidebitcoins.com
