Crypto Malware Designed for Windows Hacking on the Loose

Wednesday, January 17, 2024 9:28 AM UTC

Apple Overtakes Samsung in Global Shipments, Plans Camera Upgrades for iPhone 16 Series
Samsung Set to Launch One UI 6.1, Promising AI Enhancements for Older Models
TSMC's Market Share Gains at Risk Amid Currency Fluctuations and Equipment Shortages
Starlink Expands Reach, Set to Connect John Deere Tractors and Improve Global Access

Cybersecurity firm Trend Micro has identified a previously unknown malware strain named Phemedrone Stealer.

This malware exploits a now-patched security flaw in Microsoft Windows, explicitly targeting web browsers and extracting data from crypto wallets. The Texas-based firm's report reveals that Phemedrone Stealer is not limited to crypto-related information; it also harvests data from messaging apps such as Telegram, Steam, and Discord.

Beyond Data Theft

Cybersecurity experts have noted that Phemedrone Stealer goes beyond traditional data theft methods.

According to Crypto News, in addition to extracting sensitive information, the malware captures screenshots and collects comprehensive system details, including hardware specifications, location data, and operating system information. This multifaceted approach underscores the sophistication of modern cyber threats as threat actors continually evolve their tactics.

The stolen data is transmitted to the attackers through Telegram or a command-and-control (C&C) server. Trend Micro highlights that the vulnerability stems from the absence of checks on Microsoft Defender and related prompts on Internet Shortcut (.url) files. Threat actors exploit this loophole by creating .url files, initiating the download and execution of malicious scripts, and effectively bypassing Windows Defender SmartScreen warnings and checks.

Despite the security patch released by Microsoft, Trend Micro warns that an increasing number of malware campaigns, including those distributing the Phemedrone Stealer payload, continue to exploit this security gap. The exact scale of stolen crypto or private data due to Phemedrone Stealer remains unclear.

Cybersecurity Efforts Mitigate Financial Impact

In 2023, the De.Fi REKT database recorded a concerning 455 incidents, with the largest hack amounting to $231 million, attributed to Multichain.

According to Trend Micro, despite the alarming cumulative total of $2 billion, cybersecurity experts and white hat hackers managed to recover approximately $200 million from the overall sum. This indicates that while the cyber threat landscape is evolving, concerted efforts from cybersecurity professionals contribute significantly to mitigating the financial impact of malicious activities, offering a glimmer of resilience against cyber threats.

Photo: Markus Spiske/Unsplash