SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Big business in cryptocurrencies and cybercrime
Wed, 10th Aug 2022
FYI, this story is more than a year old

Cryptocurrencies are valuable, digital, anonymous, and can be used across borders - they can be sent to others anytime, anywhere. There are always waves of excitement in the cryptocurrency space, with record highs being followed by lows. We know that as of June this year, about a quarter (26%) of Australians considered cryptocurrency as a good investment, and over 36% have at one point considered buying cryptocurrency as an investment. There are fans that believe that cryptocurrencies like Bitcoin's value will skyrocket again and are encouraging people to invest in 'the dip'.

Cryptocurrencies have become an attractive target for cybercriminals, namely because of the ability to operate anonymously. All transactions are recorded on a decentralised ledger system called blockchains, allowing users to send and receive namelessly with no registered bank account or financial gatekeepers. Additionally, given the space is relatively new, it is not yet heavily governed, meaning transactions cannot be closely monitored for mispractice, such as one-off payments for illegal sales.

Cryptocurrencies have been losing value in the past weeks, but with each record high, have previously been adopted more widely as a legitimate investment for potentially making impressive returns, especially in countries where cryptocurrency adoption is most prevalent. With this wide adoption, crypto-related scams can increase, and seven out of ten Australians agree that cryptocurrency needs more safety and security around it. According to our data, there was an 86% increase in cryptominer malware targeting Australians between September and October 2021, which correlates with Bitcoin value beginning to sharply increase.
Generally, there are various ways that cryptocurrency is abused by cybercriminals using sophisticated and common scams.

Cryptominers

Coinminers stealthily abuse a user's computing power to mine cryptocurrencies, which can cause high electricity bills and impact the lifespan of the user's hardware.

While the Bitcoin price increased at the end of 2021, the number of coinminers Avast saw spreading in Q4/21 increased by 40%, often via infected web pages and pirated software.

An example of this is CoinHelper, one of the prevalent coinminers active in the last months of 2021, mostly targeting users in Russia and Ukraine. In addition to mining cryptocurrency, CoinHelper harvests various information about its victim's system (laptop/desktop), including their geolocation, antivirus solution they have installed, and hardware they are using.

We have seen attackers accumulate hundreds of thousands of dollars in wallets associated with crypto-mining malware.

Cryptostealers

Cryptostealer are malicious programs that target cryptocurrencies' transfer systems. They work by intercepting transactions by infecting devices with a monitoring system to capture and then steal valuable information, such as wallet ID numbers.

Cryptostealers can hijack transactions made by replacing wallet addresses in the owner's clipboard and filter out cryptocurrency-related files. Attackers switch clipboard contents when they detect a crypto wallet address so that the victim actually sends the payment to an attacker-controlled wallet instead of the intended one.

We have seen quite a few cryptostealers, with the two most prevalent being HackBoss and BlueStealer.

HackBoss: A simple yet very effective malicious software that demonstrates how easy it can be to lose cryptocurrency coins. The malware catches out many online users who are drawn into the game of selling, mining and exchanging digital assets. Its creators chose a strategy of misusing public social sites such as Telegram, YouTube, and public forums to promote their malware disguised as various hacking or cracking applications that victims can download with the promise of 'the best software for hackers'. Avast researchers collected a list of more than 100 cryptocurrency wallet addresses belonging to HackBoss authors and to which the HackBoss malware exchanges the wallet address present in the clipboard. The majority of those wallets are Bitcoin wallets, and the received funds on those wallets since November 2018 amount to over AUD $800,000.

BluStealer: A keylogger, document uploader, and cryptocurrency stealer in one piece of malware. It can steal crypto wallet data such as private keys and credentials, which can result in losing access to the wallet. BluStealer was also found to detect crypto addresses copied to the clipboard and replace them with the attacker's predefined ones so that a transfer of crypto coins will arrive at the cybercriminal's pocket instead of the legitimate holder.

Ransomware

Ransomware is one of the defining cyber threats of our time, showing no signs of slowing down. In recent years, hackers and other threat actors have unleashed a significant number of attacks, devastating the critical systems of a variety of industry organisations around the world and making headlines worldwide.

Cryptocurrency can somewhat be viewed as an enabler of ransomware. With cryptocurrencies, cybercriminals can maintain autonomy and anonymity with their requested ransom payments that are permanent and mostly unable to be tracked by authorities.

More than half (53%) of Australians are concerned about falling victim to a scam by purchasing cryptocurrency. However, there are some easy ways in which users can protect themselves and be hyper-conscious of potential scams:

  • Be wary of emails claiming to include shipping invoices or credit notes and not open attachments in unexpected or untrusted messages. Suspicious email attachments are one of the most common sources of cyber threats.
     
  • Be sceptical of cryptocurrency advertisements and posts on social media. Do your research using your search engine on any entity soliciting you on social media. If the offer sounds too good to be true, it probably is.
     
  • Double-check URLs and websites before entering details and making a purchase. Suspicious-looking links with an illegitimate URL are unsafe.
     
  • Rely on services that use strong security measures: When choosing a custodial or software wallet, people should be assured to choose a provider that offers strong security measures, including two-factor authentication methods. This will provide a safeguard from cyber-criminals and scams.
     
  • Do not ever give out your 2FA (2-Factor Authentication) security codes or passwords.
     
  • Never give anyone (e.g. a person over the phone pretending to be IT support) remote access to your machine. This effectively provides the scammer with full access to your computer, online financial accounts, and digital life.
     
  • Download digital security, like Avast One, that blocks malware such as crypto miners and cryptostealers for an extra layer of protection on investments.