One of the new fake cryptocurrencies has lured naïve users through forums. After installing the software, they realized that malware/ransomware had been installed on their systems, marking a change in the way these unwanted applications can now be delivered.
The new malware tried to trick victims into installing the unwanted software under the guise of fast money from the cryptocurrency, before encrypting their files and demanding Monero for the needed decryption key.
What is SpriteCoin Cryptocurrency Malware?
SpriteCoin was the name of the coin, advertised on different forums as a new cryptocurrency that was guaranteed to be profitable for new users. It wasn’t anything of the sort; in fact, it was the opposite. People who fell for the scam, which was built around the popularity of cryptocurrency and blockchain technology, were taken advantage of by the malware.
Those victims were then instructed to pay about $100 in Monero to get their files back. They also installed more malware that further infected their computers with more burdensome software. The software even had the ability to start the person’s webcam software to take images for more ransoms.
The malware was discovered by researchers at Fortinet. SpriteCoin was advertised on forums and required a special level of social engineering to fully take advantage of the targets. Many of the installations happened via emails that phished for information. The form delivered the cryptocurrency wallet, which the user was told contained the SpriteCoin software.
It’s an old-school hacking trick that has been used by several pyramid schemes. After the user ran the executable file, they were asked to create a wallet password, and this was before they downloaded the blockchain. In reality, that download does not happen at all; it’s a routine to take advantage of people who have the files on their system.
The user’s credentials from their various stores were raided and sent to an unknown website, which put a lot of dangerous personal information into the hands of the hackers. After the process was complete, the victim was presented with a note demanding Monero to decrypt their files. The note also explained what Monero was, how to get it and how to pay. It also indicated that the deleted files would be encrypted forever.
The ransom was low compared with many other types of ransomware, where demands now run to hundreds of thousands of dollars. It could be that attackers typically ask for low amounts because systems like SpriteCoin are simple tests to see how delivery systems work.
“In this instance, it seems like the intent was not just about money. What we infer is that the intent is not about the amount of money, but possibly about proof of concept or testing new delivery mechanisms, and to see how many people would fall for it,” stated Tony Giandomenico, the senior security researcher at Fortinet FortiGuard Labs.
“This is very similar to when attackers would test to see how effective or fast a worm would spread before really launching it. This could be the same concept.”
Those behind the SpriteCoin malware infection attempted to assure the victim that paying the Monero would result in the decryption of their files. And if it didn’t, they could simply tell others not to pay, a line meant to get them to trust the company responsible.
It’s unlikely that victims would get their documents decrypted. If they actually paid the fee, they would likely receive more malware involving things like webcam activation and fake certificates.
“The note is really encouraging the victim to ‘initiate payment of the ransom’ in order to get the secondary malicious payload dropped,” stated Giandomenico.
Researchers still haven’t been able to analyze or break this malware down. It’s likely that it is resulting in more compromised computers and users, all of which is bad for the victim.
SpriteCoin Cryptocurrency Malware Conclusion
SpriteCoin isn’t the only malware that has surfaced asking for payments in Monero. With the popularity of Bitcoin, there have been several that have caused serious problems for cryptocurrency users or those naïve to hackers. It’s causing a lot of issues in the industry, as hackers gain more power and ask for larger ransoms.
And it’s because of problems like this that many ransomware distributors are switching their business model from Bitcoin to other cryptocurrencies like Monero.