
Microsoft Warns of Crypto-Stealing Trojan

Wed, 3/06/2026 - 5:38
Microsoft's cybersecurity division has issued a warning regarding a new malware campaign that targets cryptocurrency investors by hiding malicious code within widely used public npm open-source packages.

Microsoft's cybersecurity division has warned about a new malware campaign that specifically targets cryptocurrency investors by hijacking widely used software development tools. 

Bad actors hide malicious code in popular open-source packages to steal wallet keys and passwords. 

The modus operandi 

According to Microsoft Threat Intelligence, the attackers compromised two specific packages found on npm, which is a huge public registry widely used by developers to create applications. 


If a user or software developer inadvertently downloads these infected packages, a Remote Access Trojan (RAT) gets deployed onto their operating system.


The Trojan stealthily operates in the background to monitor the victim’s device. 

It can record keystrokes, take screenshots, scan for stored private keys, and so on.


The hackers are using an innovative method to exfiltrate the stolen data from the victim's computer.

The stolen data is routed via Hugging Face, an online platform that is very popular among artificial intelligence and machine learning developers.

Because the traffic goes to a legitimate, widely used platform rather than to a suspicious-looking server, the stolen crypto credentials can slip past basic security software undetected.
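Since the destination itself looks legitimate, a defender has to judge the traffic by its context instead. The following is an added example, not code from Microsoft or from this article: it flags uploads to Hugging Face that come from hosts with no machine-learning role or from JavaScript tooling. The log format, host names, allowlist and process names are all assumptions made for illustration.

```python
import json

# Constructed sample egress records (not real telemetry); field names are assumed.
SAMPLE_LOG = """\
{"host":"dev-laptop-07","process":"node","parent":"npm","dest":"huggingface.co","method":"POST"}
{"host":"ml-train-02","process":"python","parent":"bash","dest":"huggingface.co","method":"GET"}
{"host":"dev-laptop-07","process":"node","parent":"npm","dest":"registry.npmjs.org","method":"GET"}
{"host":"ml-train-02","process":"python","parent":"bash","dest":"huggingface.co","method":"PUT"}
{"host":"build-agent-3","process":"node","parent":"sh","dest":"huggingface.co.example.net","method":"POST"}
{"host":"build-agent-3","process":"python","parent":"bash","dest":"huggingface.co","method":"POST"}
"""

WATCHED_DOMAIN = "huggingface.co"
ML_HOSTS = {"ml-train-02"}  # hypothetical allowlist: hosts expected to upload models
JS_TOOLING = {"node", "npm", "npx", "yarn", "pnpm"}
UPLOAD_METHODS = {"POST", "PUT", "PATCH"}

def is_watched(dest):
    """Match the domain or a true subdomain, not look-alikes that merely contain it."""
    dest = dest.lower().rstrip(".")
    return dest == WATCHED_DOMAIN or dest.endswith("." + WATCHED_DOMAIN)

def reasons_for(rec):
    """Return the reasons a record is suspicious; an empty list means expected traffic."""
    if not is_watched(rec["dest"]) or rec["method"].upper() not in UPLOAD_METHODS:
        return []
    reasons = []
    if rec["host"] not in ML_HOSTS:
        reasons.append("upload from host with no ML role")
    if {rec["process"], rec["parent"]} & JS_TOOLING:
        reasons.append("JavaScript tooling in process lineage")
    return reasons

def find_suspicious(log_text):
    """Parse JSON-lines records and return (host, process, reasons) for each alert."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        reasons = reasons_for(rec)
        if reasons:
            alerts.append((rec["host"], rec["process"], reasons))
    return alerts

if __name__ == "__main__":
    for host, process, reasons in find_suspicious(SAMPLE_LOG):
        print(f"{host} ({process}): {'; '.join(reasons)}")
```

The upload from the ML training host and the look-alike domain are deliberately left unflagged, which shows that the signal comes from who is uploading and not from the destination name alone.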

A sneaky crypto miner 

Microsoft uncovered another sophisticated threat just last week, which similarly targets users of high-performance computers.

Attackers are deploying stealthy "cryptojacking" malware that hijacks a computer's processing power to secretly mine crypto.

This mining threat specifically hunts for PC gamers and hardware enthusiasts who own high-end graphics processing units (GPUs). This way, the hackers ensure they get the maximum possible crypto-mining yield.

The hackers rely on Search Engine Optimization (SEO) poisoning to push fake websites to the top of search engine results. 
