Cryptocurrency has been mainstream for years. As with everything else of value, there are people trying to steal it. Cybercriminals have come up with various ways to try to get their hands on cryptocurrency. Microsoft has warned the public of one more threat to their crypto wallets. This new malware is called Anubis Stealer, suspected to be a variation of Anubis Ransomware and the Anubis Trojan, and it targets the wallets of Windows users.
A new info-stealing malware we first saw being sold in the cybercriminal underground in June is now actively distributed in the wild. The malware is called Anubis and uses code forked from Loki malware to steal system info, credentials, credit card details, cryptocurrency wallets pic.twitter.com/2Q58gpSIs0
— Microsoft Security Intelligence (@MsftSecIntel) August 26, 2020
According to Microsoft Security Intelligence (MSI), Anubis uses code which was probably borrowed from Loki and then significantly modified. The purpose of this threat is to get access to system information and any kind of financial data including credit card data, account credentials and crypto wallets. Naturally, all this information is then exfiltrated and delivered to the cybercriminals operating Anubis. The information is sent using an HTTP POST request.
MSI noted that at this point there seem to be a limited number of campaigns that spread Anubis. There are a few known URLs and C2 (command and control) servers utilized by the cybercriminals. One of Loki’s infection vectors was phishing and the operators of Anubis may use that method as well. Windows users who have cryptocurrency wallets should do their best to avoid getting infected. The usual best practices for safe internet use must be applied at all times.