Cryptocurrency Enthusiasts Targeted in Multi-Vector Supply Chain Attack

Nov. 4, 2024, 12:02 p.m.

Description

A sophisticated malware campaign targeting cryptocurrency enthusiasts has been uncovered, utilizing multiple attack vectors including a malicious Python package on PyPI and deceptive GitHub repositories. The multi-stage malware, disguised as cryptocurrency trading tools, aims to steal sensitive data and drain crypto wallets. It employs a deceptive GUI to distract users while performing malicious activities in the background. The attack flow involves an initial infection through the PyPI package, followed by a multi-stage process using a fake website to deliver secondary payloads. The malware conducts extensive data theft, targeting cryptocurrency wallet data, browser information, and sensitive system files. The attacker uses multiple platforms to distribute the malware and engages with potential victims through a Telegram channel.

Date

Published: Nov. 4, 2024, 11:49 a.m.

Created: Nov. 4, 2024, 11:49 a.m.

Modified: Nov. 4, 2024, 12:02 p.m.

Indicators

coinsw.app

tryenom.com

Attack Patterns

CryptoAITools

T1102.002

T1059.006

T1132.001

T1036.004

T1074.001

T1119

T1074

T1555.003

T1553.005

T1547.001

T1555

T1071.001

T1036.005

T1005

T1573

T1071

T1102

T1036

T1132

T1056

T1059

Additional Information

Technology

Finance