
Microsoft Threat Intelligence, the global network of the tech giant's security experts, has issued a warning about a major "malvertising" campaign targeting cryptocurrency traders.
The campaign spotlighted by Microsoft became active earlier this month.
Bogus ads lure unsuspecting users into downloading a malicious installer presented as a legitimate trading tool from well-known companies such as Binance and TradingView.
Node.js-based malware hidden inside the downloaded package immediately infects the system and starts collecting information about the victim's computer. It also creates a scheduled task so that the malware remains on the system.
The obfuscated scheduled task is capable of avoiding anti-virus detection.
The victim gets a window that shows a legitimate cryptocurrency trading website as a decoy.
The malicious scripts collect a wide range of data that includes the list of installed programs, the version of the BIOS, region settings, network adapter details, and so on.
The collected information could potentially be used for targeting specific victims or planning future attacks.
To protect themselves from the ongoing malicious campaign, potential victims are advised to monitor suspicious script behavior, enable endpoint protection, and restrict outbound communication.
"Organizations can reduce the impact of attacks leveraging Node.js by educating users on the risks of downloading software from unverified sources and monitoring and limiting Node.js execution," Microsoft said.
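One way to act on the advice to monitor Node.js execution, shown as an added example that is not from Microsoft or the original article: a small triage script that flags `node.exe` when it runs outside an approved install directory or is started by the Windows Task Scheduler service. The event fields, the approved directory and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: directories where Node.js is approved to run in this environment.
APPROVED_NODE_DIRS = (r"c:\program files\nodejs",)

# Constructed sample process-creation events (not taken from the campaign).
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Program Files\nodejs\node.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "parent_command_line": r"cmd.exe /c npm run build"},
    {"host": "ws-02", "image": r"C:\Users\alice\AppData\Local\Temp\setup\node.exe",
     "parent_image": r"C:\Users\alice\Downloads\TradingTool-Setup.exe",
     "parent_command_line": r"TradingTool-Setup.exe"},
    {"host": "ws-02", "image": r"C:\Users\alice\AppData\Roaming\svc\node.exe",
     "parent_image": r"C:\Windows\System32\svchost.exe",
     "parent_command_line": r"svchost.exe -k netsvcs -p -s Schedule"},
]

def _norm(path):
    # Windows paths are case-insensitive; normalise before comparing.
    return ntpath.normpath(path).lower()

def findings_for(event):
    """Return the list of reasons a process-creation event looks suspicious."""
    image = _norm(event["image"])
    if ntpath.basename(image) != "node.exe":
        return []
    reasons = []
    image_dir = ntpath.dirname(image)
    approved = any(image_dir == d or image_dir.startswith(d + "\\")
                   for d in APPROVED_NODE_DIRS)
    if not approved:
        reasons.append("node_outside_approved_dir")
    # Scheduled tasks are launched by the Schedule service hosted in svchost.exe.
    parent = ntpath.basename(_norm(event["parent_image"]))
    if parent == "svchost.exe" and "-s schedule" in event["parent_command_line"].lower():
        reasons.append("node_started_by_scheduled_task")
    return reasons

def triage(events):
    """Return (host, image, reasons) for every event with at least one finding."""
    return [(e["host"], e["image"], r) for e in events if (r := findings_for(e))]

if __name__ == "__main__":
    for host, image, reasons in triage(SAMPLE_EVENTS):
        print(host, image, ", ".join(reasons))
```
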
Last year, as reported by U.Today, CryptoQuant CEO Ki Young Ju opined that Windows might be more dangerous for cryptocurrency holders than macOS.