BluStealer malware steals cryptocurrency and spreads through phishing emails

Avast analysts talked about a malicious spam campaign spreading BluStealer malware that steals cryptocurrency.

This info-stealer is designed topullBitcoin, Ethereum, Monero and Litecoin) from popular walletsArmoryDB, Bytecoin, Jaxx Liberty, Exodus, Electrum, Atomic, Guarda and Coinomi.

เบ็ดเสร็จ, experts tracked more than 12,000 phishing emails around the world.

phishing emails

In mid-September, ที่ Avast Threat Intelligence team recorded a surge in malicious activityphishing emails using the names of the shipping company DHL and the Mexican metallurgical company General de Perfiles, and distributing the BluStealer มัลแวร์.

example of a phishing email
An example of a phishing email

ตามกฎแล้ว, in such messages it is said that a certain parcel was delivered to the head office of the company due to the absence of the recipient on the spot. ต่อไป, the recipient is asked to fill out the attached document in order to transfer the delivery. When the user tries to open it, the BluStealer installation starts.

In phishing campaigns associated with General de Perfiles, recipients receive emails stating that they have overpaid their bills and that some credit has been saved for them, which will be included in the invoice of the next purchase. As in the campaign imitating DHL, the General de Perfiles message contains BluStealer as an attachment.

The countries most affected by BluStealer are Russia, ไก่งวง, USA, Argentina, สหราชอาณาจักร, อิตาลี, Greece, Spain, ฝรั่งเศส, Japan, India, Czech Republic, Brazil and Romania. ดังนั้น, Russian users received 139 such letters.

A large number of malware samples studied by Avast belonged to one specific campaign, which was identified by the unique .NET downloader. ตัวอย่างเช่น, spam messages contained .iso attachments and download URLs. These attachments contain executable malware files packaged using the mentioned .NET loader.

BluStealer combines the functionality of a keylogger and document downloader, and also steals cryptocurrency: it can steal data from cryptocurrency wallets, such as private keys and credentials, as a result of which the victim can lose access to their assets.Avast researchers say.
BluStealer is also able to detect cryptocurrency addresses copied to the clipboard and replace them with those previously set by the cybercriminals. As a result, the cryptocurrency ends up in the hands of cybercriminals, and not where the transfer was actually made.

Let me remind you that I also told that BulletProofLink Cybercrime Offers Phishing as a Service.

เฮลก้า สมิธ

ฉันสนใจวิทยาการคอมพิวเตอร์มาโดยตลอด, โดยเฉพาะความปลอดภัยของข้อมูลและธีม, ซึ่งเรียกกันในปัจจุบันว่า "วิทยาศาสตร์ข้อมูล", ตั้งแต่วัยรุ่นตอนต้นของฉัน. ก่อนจะมาอยู่ในทีมกำจัดไวรัสในตำแหน่งหัวหน้าบรรณาธิการ, ฉันทำงานเป็นผู้เชี่ยวชาญด้านความปลอดภัยทางไซเบอร์ในหลายบริษัท, รวมถึงหนึ่งในผู้รับเหมาของ Amazon. ประสบการณ์อื่น: ฉันได้สอนในมหาวิทยาลัยอาร์เดนและรีดดิ้ง.

ทิ้งคำตอบไว้

เว็บไซต์นี้ใช้ Akismet เพื่อลดสแปม. เรียนรู้วิธีประมวลผลข้อมูลความคิดเห็นของคุณ.

ปุ่มกลับไปด้านบน