Microsoft Detects A New Cryptocurrency-Related Malware Spreading Across Windows Computers
- Microsoft’s Security team warns of a possible cryptocurrency malware for Windows users.
- The malware targets personal info, credit card details, credentials, and cryptocurrency wallets.
- Users are urged not to open suspicious email attachments.
The Microsoft Security Intelligence (MSI) team confirmed the presence of a new ‘info-stealing malware’ targeting Windows computers. In a tweet on Aug 27, the MSI team stated that the malware was first spotted on cybercriminal black markets in June but has recently started spreading widely across the globe.
The new malware shares a name with an unrelated family of Android banking malware. Anubis is deployed in what appears to be limited, initial campaigns that have so far only used a handful of known download URLs and C2 servers.
— Microsoft Security Intelligence (@MsftSecIntel) August 26, 2020
The malware, named Anubis, is built on code forked from the Loki info-stealing malware, which was first detected in February 2016. Loki first targeted Android operating systems on mobile phones, allowing the hackers to steal credentials, exfiltrate data, disable notifications, and intercept communications.
In the fall of 2017, ransomware behavior was detected in the widespread malware, and a forked version was sold in cybercriminal underground marketplaces.
Similarly, the hackers trick users into downloading the Anubis malware through suspicious emails and false websites. The malware then steals Windows users’ information, mainly targeting crypto wallets, bank credit card information, personal info, and operating system details, and “sends these to command and control servers via an HTTP POST command.”
However, MSI believes the malware is still maturing, so its spread is limited, and users can stay safe from it.
“The new malware shares a name with an unrelated family of Android banking malware,” the MSI tweet reads. “Anubis is deployed in what appears to be limited, initial campaigns that have so far only used a handful of known download URLs and C2 servers.”
MSI warns Windows users not to click on any suspicious emails and websites to avoid downloading the malware. MSI continues to monitor the progress of the fork and will give updates on its growth.