“DOCTOR WEB” DISCOVERED A “TROJAN” THAT STEALS PASSWORDS FROM CRYPTOCURRENCY WALLETS
Specialists at the company “Doctor Web” have found a virus that steals passwords from cryptocurrency wallets.
In autumn 2018, the first messages proposing the installation of a widget for tracking digital currency rates appeared in online communities dedicated to cryptocurrencies.
As experts note, at first glance the application does not raise suspicion: it has a valid digital signature and shows current information about cryptocurrency exchange rates, but it hides malicious functionality.
During installation, the program downloads source code from the developer’s personal account on GitHub, then compiles and executes it. After that, it downloads Trojan.PWS.Stealer.24943, also known as AZORult. The Trojan is then used to steal personal data, including passwords for cryptocurrency wallets.
It is noted that the downloadable file is still available on profile resources, including GitHub.