Microsoft has warned against a new form of malware that’s targeting Windows users. Known as Anubis, the malware steals digital currency wallet credentials, credit card details and other valuable data.
The malware shares a name with yet another potent banking Trojan that has been targeting Android smartphones for months now. However, the new malware form is targeting Windows users, Microsoft Security Intelligence (MSI) revealed recently.
MSI first discovered the malware in June, when it was being sold in the cybercriminal underground, the team revealed on Twitter. Anubis relies on code forked from Loki, an info-stealing malware that targets Android systems. MSI said Anubis has been stealing digital currency wallet credentials and credit card details, among other data.
A new info-stealing malware we first saw being sold in the cybercriminal underground in June is now actively distributed in the wild. The malware is called Anubis and uses code forked from Loki malware to steal system info, credentials, credit card details, cryptocurrency wallets pic.twitter.com/2Q58gpSIs0
— Microsoft Security Intelligence (@MsftSecIntel) August 26, 2020
The malware is not yet widespread, MSI revealed, noting that it has only been deployed in “what appears to be limited, initial campaigns that have so far only used a handful of known download URLs and C2 servers.”
Anubis, which is named after the Egyptian god of death, is downloaded from certain websites, Tanmay Ganacharya told CoinDesk. Ganacharya, a partner director of security research at Microsoft, said the malware steals information and then sends it to command and control servers via an HTTP POST request.
“When successfully executed it attempts to steal information and sends stolen information to a C2 server via HTTP POST command. The post command sends back sensitive information that may include username and passwords, such as credentials saved in browsers, credit card information and cryptocurrency wallet IDs.”
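The behaviour described above, stolen data posted back to a small set of C2 servers, is something a defender can look for in web-proxy logs. The script below is an added example, not code from the article, Microsoft or CoinDesk: it parses constructed proxy log lines and flags POST requests that either hit a hypothetical watchlist of C2 hosts or carry an unusually large body to a host outside the organisation's allowlist. Every hostname, IP address, byte count and the watchlist itself are made up for illustration, since the article publishes no indicators.

```python
"""Flag HTTP POST requests that resemble C2 exfiltration in proxy logs.

Added example; all log lines, hosts and the watchlist below are constructed
placeholders, not indicators from the article or from Microsoft.
"""
import re

# Constructed proxy log lines, one request per line:
# <timestamp> <client_ip> <method> <url> <status> <bytes_sent>
SAMPLE_LOG = """\
2020-08-26T10:00:01Z 10.0.0.5 GET https://www.example.com/index.html 200 512
2020-08-26T10:00:07Z 10.0.0.5 POST https://accounts.example.com/login 302 640
2020-08-26T10:01:12Z 10.0.0.9 POST http://c2-placeholder.invalid/gate.php 200 48210
2020-08-26T10:01:15Z 10.0.0.9 POST http://c2-placeholder.invalid/gate.php 200 51907
2020-08-26T10:02:40Z 10.0.0.5 POST https://api.example.org/submit 200 2048
2020-08-26T10:03:02Z 10.0.0.9 POST http://files.unknown-host.test/upload 200 73000
"""

# Hypothetical watchlist of C2 hosts (placeholder value; the article names none).
KNOWN_C2_HOSTS = {"c2-placeholder.invalid"}

# Hosts this (constructed) organisation expects its clients to POST to.
ALLOWLIST = {"accounts.example.com", "api.example.org"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) "
    r"(?P<url>\S+) (?P<status>\d{3}) (?P<bytes>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    # Strip the scheme and path to get the bare host for list lookups.
    rec["host"] = re.sub(r"^[a-z]+://", "", rec["url"]).split("/", 1)[0].lower()
    return rec


def find_suspicious_posts(log_text, size_threshold=16384):
    """Return (client_ip, host, reason) tuples for POSTs worth investigating.

    Two signals are used: the destination is on the C2 watchlist, or the POST
    body is at least size_threshold bytes and goes to a host not on the allowlist.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if rec["host"] in KNOWN_C2_HOSTS:
            hits.append((rec["client"], rec["host"], "watchlisted host"))
        elif rec["host"] not in ALLOWLIST and rec["bytes"] >= size_threshold:
            hits.append((rec["client"], rec["host"], "large POST to unlisted host"))
    return hits


if __name__ == "__main__":
    for client, host, reason in find_suspicious_posts(SAMPLE_LOG):
        print(f"{client} -> {host}: {reason}")
```

The size threshold is a tuning knob, not a fixed property of the malware: the second signal only exists so that a C2 host that is not yet on any watchlist still stands out when a client starts pushing large POST bodies to a domain the organisation has never sanctioned.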
While not much is known about the new malware, the use of code taken from Loki gives some insight into how to avoid it. Loki relied on social engineering, sending email attachments which, once opened, would install the malware. As such, you should avoid opening any attachment from an email you weren’t expecting, however genuine it may seem, cybersecurity expert Parham Eftekhari advises.
Cybercrime has continued to evolve, with the hackers finding new ways to exploit security deficiencies. As CoinGeek reported recently, hackers deployed cryptojacking malware on a product available on Amazon Web Services. Cybercriminals have even used the BTC and Dogecoin blockchains to deploy Glupteba and Doki malware respectively.