'Less sophisticated' malware is stealing millions: Chainalysis

Published at: Jan. 20, 2022

Cryptojacking accounted for 73% of the total value received by malware related addresses between 2017 and 2021, according to a new malware report from blockchain analysis firm Chainalysis.

Malware is used to conduct nefarious activity on a victim’s device such as a smartphone or PC after being downloaded without the victim’s knowledge. Malware-powered crime can be anything from information-stealing to denial-of-service (DDoS) attacks or ad fraud on a grand scale.

The report excluded ransomware, which involves an initial use of hacks and malware to leverage ransom payments from vicitms in order to halt the attacks. Chainalysis stated:

“While most tend to focus on high-profile ransomware attacks against big corporations and government agencies, cybercriminals are using less sophisticated types of malware to steal millions in cryptocurrency from individual holders.”

Chainalysis’ Jan. 19 report focuses on the various types of crypto-malware, excluding ransomware, used over the last decade such as info stealers, clippers, cryptojackers and trojans, noting that they are generally cheap to acquire and even “low-skilled cybercriminals” can use them to siphon funds from their victims.

Cryptojacking tops the list of value received via malware at 73%, Trojans were ranked second at 19%, ‘Others’ totalled 5% while information stealers and clippers represented a mere 1% each.

According to Chainalysis, malware addresses send the “majority of funds on to addresses at centralized exchanges,” but note that figure is declining. As of 2021, exchanges only received 54% of funds from those addresses compared to 75% in 2020 and around 90% in 2019.

“DeFi protocols make up much of the difference at 20% in 2021, after having received a negligible share of malware funds in 2020.”

The report looked at the prolific Hackboss clipper that has stolen around $560,000 since 2012 by infecting user's clipboards to steal and replace information. It found that the “Cryptobot” infostealer was significant source source of ill-gotten gains in 2021, generating $500,000 worth of Bitcoin (BTC) from around 2,000 transactions.

Cryptojacking

Cryptojacking malware utilizes the victim’s computing power to mine various cryptocurrencies, with the target asset of choice “usually Monero” but Zcash (ZEC) and Ethereum (ETH) are sometimes also mined.

Chainalysis notes that a specific amount generated by this method is hard to pin down as the funds are transferred from mempools to unknown mining addresses as opposed to “the victim’s wallet to a new wallet” in other cases.

Despite being unable to provide an estimated monetary figure on the harm caused by cryptojackers, Chainalysis projects this malware type to account for almost three quarters of the total value generated by crypto-malware.

The report noted a 2020 report from Cisco’s cloud security division stated that cryptojacking affected 69% of its clients, thus translating to an “incredible amount of stolen computer power” used to mine large amounts of crypto.

It also highlighted a 2018 report from Palo Alto Networks which estimated that 5% of Monero’s circulating supply was mined by cryptojackers, estimated to be worth around $100 million in ill-gotten revenue.

Related: Crypto.com breach may be worth up to $33M, suggests onchain analyst

Info Stealer and clippers

Info stealers are used to swipe the victim’s crypto wallet info and account credentials, while clippers can be used to insert a specific text into the victim’s clipboard.

Clipper malware is often used to hijack the victim's outgoing transactions by inserting the cybercriminal’s wallet address when victims attempt to paste a sending address.

The report noted that these two types of malware received a combined 5,974 transfers from victims in 2021, up from 5,449 in the year prior.

Tags
Related Posts
Illicit crypto usage as a percent of total usage has fallen: Report
Illicit cryptocurrency activity in 2021 and the first quarter of 2022 has declined as a percentage of overall crypto activity, according to blockchain forensics firm CipherTrace. The cryptocurrency industry has long held a reputation in some jurisdictions as a haven for illegal activity. However, CipherTrace estimates that illicit activity was between 0.62% and 0.65% of overall cryptocurrency activity in 2020. The firm reported that it has now fallen to between 0.10% and 0.15% of overall activity in 2021. In its “Cryptocurrency Crime and Anti-Money Laundering” report released Monday, CipherTrace outlined that the top ten decentralized finance (DeFi) hacks in 2021 …
Blockchain / June 14, 2022
Expert Warns: Don’t Trust Ransomware Groups Amid Pandemic
A cybersecurity expert explained why he is convinced that the promises made by ransomware groups amid the pandemic are irrelevant. Brett Callow — threat analyst at cybersecurity firm Emsisoft — told Cointelegraph that multiple ransomware groups recently made promises to halt their activity against medical organizations amid the coronavirus pandemic. Still, he believes that those promises are irrelevant: “The claims of a ceasefire made by ransomware groups are irrelevant [and] should be completely disregarded. Would you leave your front door unlocked simply because the local burglars had pinky-promised not to rob you? Probably not. The story of the frog and …
Blockchain / April 16, 2020
Coin Bureau Youtube channel hacked despite 2FA protection
Coin Bureau, a popular information portal for cryptocurrency developments with over 600,000 followers on Twitter, experienced a security breach on its Youtube channel on Monday. Hackers allegedly uploaded a video with links to scam fiat/cryptocurrency addresses soliciting a token sale before being taken down by Youtube. According to Coin Bureau staff, they were baffled by the incident as its accounts were "secured with ultra-strong passwords and Google security keys." So our YouTube channel was just hacked. Have absolutely no idea how this happened. All accounts are secured with ultra strong passwords and Google security keys. @YouTubeCreators this is a serious …
Technology / Jan. 24, 2022
Crypto app targeting SharkBot malware resurfaces on Google app store
A newly upgraded version of a banking and crypto app targeting malware has recently resurfaced on the Google Play store, now with the capability to steal cookies from account logins and bypass fingerprint or authentication requirements. A warning about the new version of the malware was shared by malware analyst Alberto Segura and treat intelligence analyst Mike Stokkel on Twitter accounts on Sept. 2, sharing their co-authored article on Fox IT’s blog. We discovered a new version of #SharkbotDropper in Google Play used to download and install #Sharkbot! The found droppers were used in a campaign targeting UK and IT! …
Blockchain / Sept. 5, 2022
Hope Finance exploit results in $2M stolen from users' funds
Prospective users of an Arbitrum-based decentralized finance (DeFi) project have been left out of pocket following a $2 million exploit. Web3 security firm CertiK flagged the incident on Feb. 21, following an announcement from the Hope Finance Twitter account notifying users that they had been scammed. #CommunityAlert @hope_fin have announced the community has been scammed for ~$2m making this the largest #exitscam on Arbitrum in 2023. $1.86m was transferred to @TornadoCash. Hope_fin have posted steps for user's to withdraw their staked LPhttps://t.co/hJbFXiKujt — CertiK Alert (@CertiKAlert) February 21, 2023 Details of the project are difficult to come by. The platform’s …
Blockchain / Feb. 21, 2023