Microsoft Security is describing a new type of malware that it calls ‘cryware’. The term describes a new type of attack method entering the cybercrime lexicon, and Microsoft says cryware will become a frequent concern as more people start using “hot wallets”.
As more people look to increase their cryptocurrency investments in hot wallets, cybercrooks will look to target them. Microsoft says cryware is the term it gives the malware category (crypto + malware = cryware).
Crypto markets are increasingly volatile and info-stealing malware will seek to gain access to passwords and private keys for hot wallets. If you are unfamiliar with hot wallets, they store cryptocurrency online. The alternative is offline storage, which is a cold wallet.
“Cryware are information stealers that collect and exfiltrate data directly from non-custodial cryptocurrency wallets, also known as hot wallets. Because hot wallets, unlike custodial wallets, are stored locally on a device and provide easier access to cryptographic keys needed to perform transactions, more and more threats are targeting them,” Microsoft details in a blog post.
Of course, malware looking to steal information for cryptocurrency wallets is nothing new. However, cryware marks a change where attackers are ramping up their efforts and seeking to steal crypto and transfer it into their wallets.
Microsoft explains how such attacks are irreversible because of the nature of crypto:
“Unlike credit cards and other financial transactions, there are currently no available mechanisms that could help reverse fraudulent cryptocurrency transactions or protect users from such,” Microsoft explains.
Microsoft Security explains how cryware works and details a specific attack:
“Mars Stealer is a notable cryware that steals data from web wallets, desktop wallets, password managers, and browser files. The snippet below was taken from a section of Mars Stealer code aimed to locate wallets installed on a system and steal their sensitive files,” says Microsoft.