A sophisticated malware campaign targeting cryptocurrency enthusiasts has been uncovered. It uses multiple attack vectors, including a malicious Python package on PyPI and deceptive GitHub repositories. The multi-stage malware, disguised as cryptocurrency trading tools, aims to steal sensitive data and drain crypto wallets. It presents a decoy GUI to distract users while carrying out its malicious activity in the background. The attack flow begins with an initial infection through the PyPI package, followed by a multi-stage process in which a fake website delivers the secondary payloads. The malware conducts extensive data theft, targeting cryptocurrency wallet data, browser information, and sensitive system files. The attacker distributes the malware across multiple platforms and engages with potential victims through a Telegram channel.
Author: AlienVault
Related Tags:
CryptoAITools
T1102.002
T1036.004
social-engineering
T1074.001
multi-stage
T1553.005
T1059.006
T1036.005
Associated Indicators:
tryenom.com