Cryptocurrencies are valuable, digital, anonymous, and can be used across borders – they can be sent to others anytime, anywhere. There are always waves of excitement in the cryptocurrency space with record highs being followed by lows. We know that as of June this year about a quarter (26%) of Australians considered cryptocurrency as a good investment, and over 36% have at one point considered buying cryptocurrency as an investment. There are fans that believe that cryptocurrencies like Bitcoin’s value will sky rocket again and are encouraging people to invest in ‘the dip’.
Cryptocurrencies have become an attractive target for cybercriminals, namely because of the ability to operate anonymously. All transactions are recorded on a decentralised ledger system called blockchains, allowing users to send and receive namelessly with no registered bank account or financial gatekeepers. Additionally, given the space is relatively new, it is not yet heavily governed, meaning transactions cannot be closely monitored for mispractice such as one off payments for illegal sales.
Cryptocurrencies have been losing value the past weeks, but with each record high have previously been adopted more widely as a legitimate investment for potentially making impressive returns, especially in countries where cryptocurrency adoption is most prevalent. With this wide adoption, crypto related scams can increase and seven out of ten Australians agree that cryptocurrency needs more safety and security around it. According to our data, there was an 86% increase in cryptominer malware targeting Australians from September and October 2021, which correlates with Bitcoin value beginning to sharply increase.
Generally, there are various ways of how cryptocurrency is abused by cybercriminals using sophisticated, and common scams.
Cryptominers
Coinminers stealthily abuse a user’s computing power to mine cryptocurrencies, which can cause high electricity bills and impact the lifespan of the user’s hardware.
While the Bitcoin price increased at the end of 2021, the number of coinminers Avast saw spreading in Q4/21 increased by 40%, often via infected web pages and pirated software.
An example of this is CoinHelper, one of the prevalent coinminers active in the last months of 2021, mostly targeting users in Russia and Ukraine. In addition to mining cryptocurrency, CoinHelper harvests various information about its victim’s system (laptop/desktop) including their geolocation, antivirus solution they have installed, and hardware they are using.
We have seen attackers accumulate hundreds of thousands of dollars in wallets associated with crypto-mining malware.
Cryptostealers
Cryptostealer are malicious programs that target cryptocurrencies’ transfer systems. They work by intercepting transactions by infecting devices with a monitoring system to capture and then steal valuable information, such as wallet ID numbers.
Cryptostealers can hijack transactions made by replacing wallet addresses in the owner’s clipboard, and filter out cryptocurrency-related files. Attackers switch clipboard contents when they detect a crypto wallet address so that the victim actually sends the payment to an attacker-controlled wallet instead of the intended one.
We have seen quite a few cryptostealers, with the two most prevalent being HackBoss and BlueStealer.
HackBoss: A simple yet very effective malicious software that demonstrates how easy it can be to lose cryptocurrency coins. The malware catches out many online users who are drawn into the game of selling, mining and exchanging digital assets. Its creators chose a strategy of misusing public social sites such as Telegram, YouTube, and public forums for promotion of their malware disguised as various hacking or cracking applications that victims can download with the promise of ‘the best software for hackers’. Avast researchers collected a list of more than 100 cryptocurrency wallet addresses belonging to HackBoss authors and to which the HackBoss malware exchanges the wallet address present in the clipboard. The majority of those wallets are Bitcoin wallets and the received funds on those wallets since November 2018 is over eight hundred thousand Australian dollars.
BluStealer: A keylogger, document uploader, and cryptocurrency stealer in one piece of malware. It can steal crypto wallet data such as private keys and credentials, which can result in losing access to the wallet. BluStealer was also found to detect crypto addresses copied to the clipboard and replace them with the attacker’s predefined ones so that a transfer of crypto coins will arrive at the cybercriminal’s pocket instead of the legitimate holder.
Ransomware
Ransomware is one of the defining cyberthreats of our time, showing no signs of slowing down. In recent years, hackers and other threat actors have unleashed a significant number of attacks, devastating the critical systems of a variety of industry organisations around the world, making headlines worldwide.
Cryptocurrency can somewhat be viewed as an enabler of ransomware. With cryptocurrencies, cybercriminals can maintain autonomy and anonymity with their requested ransom payments that are permanent and are mostly unable to be tracked by authorities.
More than half (53%) of Australians are concerned about falling victim to a scam by purchasing cryptocurrency. However, there are are some easy ways in which users can protect themselves and be hyper-conscious of potential scams: