PennyWise: New crypto-stealing malware spreading through YouTube detected. Here’s how it works

What is PennyWise? This cryptocurrency malware tricks users into downloading software that can steal data from 30 crypto wallets and browser extensions.


A new threat to crypto users looking for Bitcoin mining software on YouTube has been reported. It is a crypto-malware spreading through the video platform, according to a report. Named “PennyWise”, this cryptocurrency malware tricks users into downloading software that can steal data from 30 crypto wallets and browser extensions.

Not just hot wallets, this malware reportedly targets cold crypto wallets such as Zcash, Armory, Bytecoin, Jaxx, Exodus, Ethereum, Electrum, Atomic Wallet, Guarda, and Coinomi as well. According to cyber intelligence company Cyble, the PennyWise malware is an “emerging threat” which has been developed recently.

In a blog post dated June 30, Cyble said that fraudsters, or the threat actors, are spreading PennyWise as free Bitcoin mining software. They have posted over 80 YouTube videos which contain the links to download the malware. Individuals looking for Bitcoin mining software on YouTube may become victims of this malware.

PennyWise targets over 30 Chrome-based browsers, over 5 Mozilla-based browsers, Opera and Microsoft Edge. The malware can take screenshots and steal sessions of chat applications like Discord and Telegram.

“Pennywise is an emerging stealer which is already making a name for itself. We have witnessed multiple samples of Pennywise out in the wild, indicating that Threat Actors may already be deploying it,” Cyble said in the blog post.

“Though there is not much information regarding its adoption by cybercriminals at the moment, in the future, we may see new variants of this stealer and observe further samples in the wild,” it added.


According to the cyber intelligence company, the malware has been designed not to steal from users in countries like Russia, Ukraine, Belarus and Kazakhstan. “This could indicate that the TA is trying to avoid scrutiny by Law Enforcement Agencies in these particular countries,” the company said.

What should users do?

Users should always avoid downloading pirated software from unverified websites. They should use strong passwords and keep updating them at regular intervals. Users should also enforce multi-factor authentication.

One should always refrain from opening untrusted links and should verify the authenticity of emails.
