A new phishing campaign is spreading malware through emails that claim to have Bitcoin investment updates, according to My Online Security. The emails direct the victim to download an attachment, which is an [.]iso file with a fake file extension. The malware is thought to be a new Bitcoin currency stealer, although it’s difficult to tell exactly what it does because it appears to have anti-analysis capabilities.
“What I believe happens, is that the malware stealer file only triggers when you are on one of the bitcoin wallet sites or when you copy or paste in your bitcoin address,” says the researcher at My Online Security. “This misuses the BitPing ‘tool’ to replace your bitcoin address with the criminal’s one so any payments to your bitcoin address instead go to his account.
What the criminal is hoping is that you install the malware that will only trigger when you send somebody else your bitcoin address to pay you. That is replaced by the criminal’s address and he gets the money instead of you.” Thus the clipboard hijacking, a useful trick to alt-coin scammers.
My Online Security stresses that “the basic rule is NEVER open any attachment to an email, unless you are expecting it.” These scams are designed to trick you into clicking on the file without thinking. One useful technique is to change your system settings to “show known file types,” so that you can see the true file extension even if an attacker puts a fake one in the filename.
And of course we need to be vigilant as criminals evolve new approaches. New-school security awareness training can help you and your employees build good security habits in order to avoid these scams.
My Online Security has the story: https://myonlinesecurity.co.uk/fake-bitcoin-investment-scam-delivers-malware/