The Inner Circle

PennyWise malware on YouTube targets cryptocurrency wallets and browsers

    Posted Jul 06, 2022 07:39:00 AM
    A new stealer dubbed PennyWise by its developers has appeared recently, exposed by Cyble Research Labs. The researchers observed multiple samples of the malware in the wild, making it an active threat. The threat focuses on stealing sensitive browser data and cryptocurrency wallets, and it comes as the Pentagon has raised concerns about the blockchain.

    How PennyWise steals data

    Once the malware has done all the checks, it starts multithreading for efficiency. Over 10 threads are created, each one in charge of a different operation.

    The malware only steals RTF, DOC, DOCX, TXT and JSON files smaller than 20kb. The files are saved in a folder "grabber" in the hidden folder infrastructure created by the malware.

    The malware also lists all installed software on the system.

    All known browser data is stolen if the malware detects a browser it knows, including login credentials, cookies, encryption keys, and master passwords.

    Discord tokens and Telegram sessions are also stolen, and a screenshot of the user's screen is taken.

    The registry is then queried in a hunt for cryptocurrency wallets such as Litecoin, Dash, and Bitcoin before targeting cold storage wallets such as Zcash, Armory, Bytecoin, Jaxx, Exodus, Ethereum, Electrum, Atomic Wallet, Guarda, and Coinomi. Wallet files are stolen from a list of predefined folders. Cryptocurrency extensions in Chrome-based browsers are also targeted.

    Once all the collection is done, it is compressed and sent over to an attacker-controlled server before being deleted from the computer.



    Link to the full report: PennyWise malware on YouTube targets cryptocurrency wallets and browsers




    ------------------------------
    Vipul Patel
    Regional IT Coordinator
    Pace Center for Girls
    ------------------------------
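
A detection sketch for the file-staging behaviour described in the post, added here as an example (it is not from the post, TechRepublic, or the Cyble report). It flags a process that writes several small RTF/DOC/DOCX/TXT/JSON files beneath a folder named "grabber". The event schema, the process names, the sample events and the `min_files` threshold are all constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Values taken from the post: targeted extensions, size limit, staging folder name.
TARGET_EXTS = {".rtf", ".doc", ".docx", ".txt", ".json"}
SIZE_LIMIT = 20 * 1024  # "smaller than 20kb", read here as 20 KiB (assumption)
STAGING_NAME = "grabber"

def find_grabber_staging(events, min_files=3):
    """Return {(process, staging_dir): [file names]} for processes that created
    at least `min_files` small targeted documents beneath a 'grabber' folder."""
    hits = defaultdict(list)
    for ev in events:
        if ev["action"] != "create":
            continue
        path = PureWindowsPath(ev["path"])
        parents = [p.lower() for p in path.parts[:-1]]
        if STAGING_NAME not in parents:
            continue
        if path.suffix.lower() not in TARGET_EXTS or ev["size"] >= SIZE_LIMIT:
            continue
        # Staging dir = path up to and including the 'grabber' component,
        # lowercased because Windows paths are case-insensitive.
        idx = parents.index(STAGING_NAME)
        staging = str(PureWindowsPath(*path.parts[: idx + 1])).lower()
        hits[(ev["process"], staging)].append(path.name)
    return {k: v for k, v in hits.items() if len(v) >= min_files}

# Constructed file-creation events (hypothetical schema and process names).
SAMPLE_EVENTS = [
    {"process": "updater.exe", "action": "create", "size": 1200,
     "path": r"C:\Users\a\AppData\Local\x1\grabber\notes.txt"},
    {"process": "updater.exe", "action": "create", "size": 18000,
     "path": r"C:\Users\a\AppData\Local\x1\grabber\Docs\seed.DOCX"},
    {"process": "updater.exe", "action": "create", "size": 900,
     "path": r"C:\Users\a\AppData\Local\x1\Grabber\wallet.json"},
    {"process": "updater.exe", "action": "create", "size": 50000,
     "path": r"C:\Users\a\AppData\Local\x1\grabber\big.rtf"},   # over the size limit
    {"process": "winword.exe", "action": "create", "size": 4000,
     "path": r"C:\Users\a\Documents\report.docx"},              # not under 'grabber'
    {"process": "editor.exe", "action": "create", "size": 300,
     "path": r"C:\dev\grabber\config.json"},                    # only one file
]

if __name__ == "__main__":
    for (proc, folder), names in find_grabber_staging(SAMPLE_EVENTS).items():
        print(f"{proc} staged {len(names)} files in {folder}: {names}")
```

A folder name is trivial for a malware author to change, so the extension and size pattern grouped per process is the more durable part of the check.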