Malware Families: Crypto’s Continuing Kryptonite?

Posted on Sep 27, 2022 | BLOG


Malware continues to be a major headache for crypto investors in their quest to secure their assets against bad actors. With nearly 2 billion dollars stolen in the first half of 2022 alone, it’s more important than ever for new and seasoned investors to know what they’re up against and to avoid common attack vectors such as phishing, ransomware and more.

Blockchain security firm Chainalysis highlighted the most common malware threats for crypto users in its 2022 Crypto Crime Report.

Let’s take a look at these malware families and how to keep them at bay. 

What is Malware?

Malware is a form of malicious software that infects and compromises a victim’s device. The device owner is typically unaware the software has been downloaded and unintentionally provides the malware with their personal info, financial details, and private communications. 

A compromised device can be used in a variety of ways to inflict further harm on the owner or other victims. For example, a phone may be ordered to spam its contacts with emails containing a link to the malware, spreading it further, or used to commit fraud at the owner’s expense. 

4 kinds of crypto-stealing malware families

  1. Info stealers

Info stealers, such as Redline, collect the data stored on your device and send it to the attacker. Storing your wallet password or seed phrase digitally on that device would allow this kind of malware to drain your funds or NFTs almost instantly. Cryptocurrency held on an exchange can be at risk too, because the software likely has access to your 2FA, autosaved passwords, and email address.

Using an exchange that requires a captcha (which bots cannot complete), having your account log out automatically after the session is closed, and storing passwords and seed phrases physically rather than digitally will help keep malware from causing financial ruin. The best defense against info stealers, however, is simply never to download suspicious software or click on suspicious links.

Source: Chainalysis

This may seem like common sense, but links containing malware often come from accounts or users we trust that have themselves been compromised, making them seem legitimate. If something seems too good to be true, it’s usually a scam.

  2. Clippers

Clippers replace the text you have copied to your clipboard. This is particularly dangerous for cryptocurrency holders because wallet addresses are long strings of characters that are hard to read and verify by eye.

When transferring crypto between wallets or to an exchange, clipper malware can silently replace the wallet address you copied with the scammer’s burner wallet address. Memorizing the first or last three characters of an address is commonly suggested, but it is also worth labeling your exchange and extra wallet addresses. A labeled address lets your wallet immediately recognize where funds are going, and some wallets can be configured to only allow transfers between labeled addresses.
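The "labeled addresses only" check described above, as an added example that is not part of the original post: before a transfer is signed, the pasted destination is compared against a saved address book, and an address that merely shares its first and last characters with a labeled one is treated as a likely swap. The address book and addresses below are constructed for illustration.

```python
# Added example (not from the original post): destination-address check run
# before a transfer is signed. All addresses here are constructed samples.
from dataclasses import dataclass


@dataclass
class Verdict:
    status: str          # "labeled", "lookalike" or "unknown"
    label: str = ""      # which saved entry matched, if any


# Constructed address book: label -> full address (hex-looking, not real).
BOOK = {
    "main exchange": "0x1111aaaa2222bbbb3333cccc4444dddd5555eeee",
    "cold wallet":   "0x7777aaaa8888bbbb9999cccc0000dddd1111ffff",
}
# Constructed swap: same first 3 and last 3 characters as "main exchange".
LOOKALIKE = "0x1111bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbeeee"


def check_destination(pasted: str, book: dict, edge: int = 3) -> Verdict:
    """Classify the address about to be used.

    A clipper swaps the clipboard contents, so the pasted address can differ
    from the one you copied even though its first/last characters still look
    familiar; checking only those characters is therefore not sufficient.
    """
    pasted = pasted.strip()
    for label, known in book.items():        # exact match wins
        if pasted == known:
            return Verdict("labeled", label)
    for label, known in book.items():        # same edges, different middle
        if pasted[:edge] == known[:edge] and pasted[-edge:] == known[-edge:]:
            return Verdict("lookalike", label)
    return Verdict("unknown")


def allow_transfer(pasted: str, book: dict, strict: bool = True) -> bool:
    """strict=True is the 'labeled addresses only' wallet setting."""
    verdict = check_destination(pasted, book)
    if verdict.status == "labeled":
        return True
    if verdict.status == "lookalike":
        return False          # resembles a saved entry but is not it: block
    return not strict         # unlabeled: allowed only in non-strict mode


if __name__ == "__main__":
    for addr in (BOOK["main exchange"], LOOKALIKE, "0x9999"):
        print(addr[:8], check_destination(addr, BOOK), allow_transfer(addr, BOOK))
```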

  3. Cryptojackers

Cryptojacking has been on the rise in 2022, jumping as much as 30%, driven by the discovery of the Log4j vulnerability and by the lower risk it carries for attackers compared with more visible techniques such as ransomware.

This stealthy malware harnesses the computing power of your device and uses it to mine cryptocurrencies without you knowing it. Mining cryptocurrencies may seem like free money, but a dedicated mining computer, a powerful GPU, and energy costs can make becoming a miner very expensive. 

Cryptojacking software sidesteps these costs by hijacking your device and mining discreetly, without the owner’s knowledge. By the time the cryptojacking software has been detected, the scammer has already profited and disappeared, leaving your computer or laptop severely damaged.

Mining rigs require immense amounts of electricity and have a much shorter lifespan because they run constantly at full strength: to solve the complex puzzles involved in mining cryptocurrencies, rigs run at 100% capacity to mine as many blocks as possible.

Most crypto malware targets retail investors, but large institutions are often the victims of cryptojacking and can suffer immense losses if not detected soon enough. And the threat is surging. According to SonicWall, financial firms suffered 5 times more attacks than retail. 

Signs of cryptojacking include your cooling fan turning on often, an increased electricity bill, and a general slowdown when doing daily tasks on your device. 
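The "general slowdown" sign above can be made concrete by watching for a process that stays pinned near 100% CPU across consecutive samples, unlike a browser that spikes briefly. The following is an added example, not part of the original post; the samples are constructed, and on a live host they would come from a process monitor such as psutil instead.

```python
# Added example (not from the original post): flag processes whose CPU use
# stays at or above a threshold for several consecutive samples.
from collections import defaultdict

# Constructed samples: (timestamp_s, process_name, pid, cpu_percent).
# "helper.exe" is a made-up name standing in for an unknown miner process.
SAMPLES = [
    (0,  "browser", 101, 12.0), (0,  "helper.exe", 202, 97.5), (0,  "editor", 303, 3.0),
    (10, "browser", 101, 40.0), (10, "helper.exe", 202, 99.0), (10, "editor", 303, 1.0),
    (20, "browser", 101, 95.0), (20, "helper.exe", 202, 98.2), (20, "editor", 303, 0.5),
    (30, "browser", 101, 8.0),  (30, "helper.exe", 202, 96.8), (30, "editor", 303, 2.0),
    (40, "browser", 101, 5.0),  (40, "helper.exe", 202, 99.3), (40, "editor", 303, 1.5),
]


def sustained_cpu_hogs(samples, threshold=90.0, min_consecutive=4):
    """Return {(name, pid): longest_run} for processes at/above `threshold`
    for at least `min_consecutive` consecutive samples.

    A browser briefly hitting 95% on one sample is normal; a process that
    sits at 97%+ on every sample is the pattern a cryptojacker produces.
    """
    by_proc = defaultdict(list)
    for ts, name, pid, cpu in sorted(samples):      # sort by time first
        by_proc[(name, pid)].append(cpu)

    flagged = {}
    for key, series in by_proc.items():
        run = best = 0
        for cpu in series:
            run = run + 1 if cpu >= threshold else 0  # reset on any dip
            best = max(best, run)
        if best >= min_consecutive:
            flagged[key] = best
    return flagged


if __name__ == "__main__":
    for (name, pid), run in sustained_cpu_hogs(SAMPLES).items():
        print(f"suspect: {name} (pid {pid}) >= 90% CPU for {run} samples in a row")
```

On a real machine, pair the flag with the other signs the text lists (fan noise, power draw) and with whether the process name is something you installed.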

  4. Trojan horse viruses

Trojan malware can steal data, disrupt operations, or cause irreversible harm to your computer if it also delivers ransomware. True to their name, trojans appear to be normal programs or USB devices but are disguised to gain trust and system access before acting maliciously.

Computers can be locked and held for ransom, have their data wiped clean, or grant administrative privileges to the criminal who coded the malware. Enabling a simple feature such as blind signing could then result in financial ruin. Anything is possible once a trojan has infiltrated your device. If data is not properly stored, wallets, exchanges, and DeFi protocols can easily be accessed and drained without users noticing.

All forms of malware are dangerous, but trojans in particular are considered the worst because they are hard to trace and can cause a wide range of damage to your device, crypto holdings, and personal life.

How to prevent crypto malware

Here are some tips to avoid downloading malware that could impact your crypto holdings or DeFi and Web3 activities.

  1. Keep your computer and wallet software up to date. 

Operating systems and popular applications are updated quite often. It may seem tedious or unnecessary, but installing new updates improves overall security and may specifically safeguard your devices from new malware or security threats.

  2. Limit the use of your administrator account. 

Most laptops or desktops have an administrator account and one or more “standard” accounts. Standard accounts have fewer permissions and usually cannot install new software. Daily web browsing rarely requires installing software, so limiting daily use to a standard account can prevent malware from being installed.

  3. Secure your crypto before hacks occur. 

Passwords to wallets or exchanges, seed phrases, and any personal information that could be used to commit fraud should not be stored digitally on your computer or phone. Autocompleted login info is convenient but can be stolen if your email or device becomes compromised. The responsibility to protect your assets lies solely with you.

  4. Think twice. Click once.

Links leading to malware downloads can appear anywhere and from anyone. Accounts of trusted community members or influencers can be hacked and post links that appear genuine. Scammers are becoming smarter and often use NFT PFPs to gain the trust of their victims. No one is going to stand in the way of you clicking a dangerous link, so think twice and consider if your crypto is protected before entering a giveaway or trying out a new Dapp.