PennyWise crypto-theft virus propagates via YouTube

Source: CoinTelegraph
06 Jul 2022 / 10:32

The virus targets Zcash and Ethereum wallets in addition to Electrum, Atomic Wallet, and Coinomi. It also steals browser extension and login information and peruses chat logs.

A new outbreak of crypto-malware is spreading via YouTube, deceiving users into downloading software meant to steal data from thirty crypto wallets and crypto-browser extensions.

Cyber intelligence company Cyble stated in a blog post published on June 30 that it has been following the virus known as PennyWise — presumably named after the monster in Stephen King's horror novel It — since its discovery in May.

“Our investigation indicates that the stealer is an emerging threat,” Cyble stated in a June 30 blog post.

In its present form, this stealer may target more than 30 browsers and cryptocurrency apps, such as cold crypto wallets, crypto-browser extensions, etc.

The information obtained from the victim’s PC consists of Chromium and Mozilla browser data, bitcoin extension data and login information. It may even steal sessions from chat services like Discord and Telegram and capture screenshots.

According to Cyble, the virus also targets cold crypto-wallets such as Armory, Bytecoin, Jaxx, Exodus, Electrum, Atomic Wallet, Guarda, and Coinomi, as well as wallets supporting Zcash (ZEC) and Ether (ETH), by searching for wallet files in the directory and transmitting a copy to attackers.

The cybersecurity firm observed that the infection is disseminated through YouTube videos purported to be free Bitcoin mining software.

Cybercriminals, also known as “Threat Actors,” create videos advising viewers to follow the link in the description and download the free software while pushing them to disable their antivirus software, allowing the malware to execute successfully.

As of June 30, the attacker had as many as eighty videos on their YouTube account, according to Cyble. However, the discovered channel has since been deleted.

Cointelegraph discovered identical links to the virus on other, smaller YouTube channels, along with videos advertising free nonfungible token (NFT) mining, software cracking, free Spotify premium, and game hacks and modifications.

Many of these accounts were established within the past twenty-four hours.

Intriguingly, the virus is programmed to self-destruct if it discovers that the victim resides in Russia, Ukraine, Belarus, or Kazakhstan. Cyble discovered that when the data is returned to the attackers, the malware transforms the victim’s stolen timezone info to Moscow Standard Time (MSK).

In February, it was discovered that malware known as Mars Stealer targets cryptocurrency wallets that function as Chromium browser extensions, including MetaMask, Binance Chain Wallet, and Coinbase Wallet.

In January, Chainalysis warned that even “low-skilled hackers” are increasingly deploying malware to steal assets from cryptocurrency holders, with cryptojacking accounting for 73% of the total value acquired by malware-related addresses between 2017 and 2021.
