Cryptocurrency wallets are under threat from a new malware strain known as “DoubleFinger,” as reported by security experts at Kaspersky in a recent blog post. The rise in the value and popularity of cryptocurrencies has piqued the interest of cybercriminals, leading to sophisticated attacks like DoubleFinger.
According to Sergey Lozhkin, a lead security researcher at Kaspersky’s Global Research and Analysis Team (GReAT), the group behind DoubleFinger is highly skilled in developing advanced crimeware. The malware uses a multistage attack method similar to an advanced persistent threat (APT) to compromise cryptocurrency wallets.
The initial stage of the attack is a malicious email attachment containing a PIF file, which sets off a chain of further stages. DoubleFinger then downloads encrypted components from Imgur.com disguised as a PNG file, including a loader for the second stage and a legitimate java.exe file. Subsequent stages follow, with the fourth stage using Process Doppelgänging to replace a legitimate process with a modified one that carries the payload.
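The Kaspersky write-up says the encrypted components arrive "disguised as a PNG file". A triage check a defender can run on such a download is to parse the PNG chunk structure and flag anything that is not plain image data. The script below is an added example, not code from Kaspersky's report or from the malware analysis; it assumes (without the page saying so) that a disguised PNG may keep a valid image in front and carry extra bytes after the IEND chunk or in non-standard chunks, and it uses a constructed 1x1 image plus a constructed high-entropy blob as sample input.

```python
import math
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Chunk types defined by the PNG spec plus common extensions (APNG, eXIf).
KNOWN_CHUNKS = {
    "IHDR", "PLTE", "IDAT", "IEND", "tRNS", "cHRM", "gAMA", "iCCP", "sBIT",
    "sRGB", "tEXt", "zTXt", "iTXt", "bKGD", "hIST", "pHYs", "sPLT", "tIME",
    "eXIf", "acTL", "fcTL", "fdAT",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 means the bytes look encrypted or compressed."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

def parse_png_chunks(data: bytes):
    """Walk the chunk list. Returns (chunks, trailing): chunks is a list of
    (type, length, crc_ok); trailing is every byte after the IEND chunk."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad 8-byte signature")
    pos = len(PNG_SIGNATURE)
    chunks = []
    while pos + 8 <= len(data):
        length, raw_type = struct.unpack(">I4s", data[pos:pos + 8])
        ctype = raw_type.decode("ascii", errors="replace")
        body_end = pos + 8 + length
        crc_end = body_end + 4
        if crc_end > len(data):            # chunk claims more bytes than exist
            chunks.append((ctype, length, False))
            return chunks, b""
        stored_crc = struct.unpack(">I", data[body_end:crc_end])[0]
        # PNG CRC covers the chunk type and the chunk body, not the length field.
        crc_ok = (zlib.crc32(data[pos + 4:body_end]) & 0xFFFFFFFF) == stored_crc
        chunks.append((ctype, length, crc_ok))
        pos = crc_end
        if ctype == "IEND":
            return chunks, data[pos:]
    return chunks, b""

def assess_png(data: bytes, big_chunk: int = 64 * 1024) -> dict:
    """Collect the findings an analyst would want for a file claiming to be a PNG."""
    chunks, trailing = parse_png_chunks(data)
    findings = []
    if not chunks or chunks[-1][0] != "IEND":
        findings.append("no IEND chunk: truncated file or not really an image")
    for ctype, length, crc_ok in chunks:
        if not crc_ok:
            findings.append(f"bad CRC on {ctype} chunk")
        if ctype not in KNOWN_CHUNKS:
            findings.append(f"non-standard chunk type {ctype!r} ({length} bytes)")
        elif ctype not in ("IDAT", "fdAT") and length > big_chunk:
            findings.append(f"oversized {ctype} chunk ({length} bytes)")
    entropy = shannon_entropy(trailing)
    if trailing:
        findings.append(f"{len(trailing)} bytes appended after IEND "
                        f"(entropy {entropy:.2f} bits/byte)")
    return {"chunks": chunks, "trailing_len": len(trailing),
            "trailing_entropy": entropy, "findings": findings}

# --- constructed sample input (hypothetical, not taken from the Kaspersky report) ---
def _chunk(ctype: bytes, body: bytes) -> bytes:
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF))

def make_clean_png() -> bytes:
    """A valid 1x1 RGB PNG built in memory."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")   # filter byte + one red pixel
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", idat) + _chunk(b"IEND", b""))

def make_polyglot_png() -> bytes:
    """The same image with a high-entropy blob appended after IEND, standing in
    for an encrypted component; constructed here, not real malware."""
    return make_clean_png() + bytes(range(256)) * 4

if __name__ == "__main__":
    for name, sample in (("clean", make_clean_png()), ("appended", make_polyglot_png())):
        print(name, assess_png(sample)["findings"] or ["no findings"])
```

An empty findings list is not a clean bill of health: a loader can also hide data inside legitimate IDAT pixel data, so this check is a cheap first filter for downloads from image hosts, to be followed by sandboxing of whatever fetched the file.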
The final stage installs GreetingGhoul, a crypto stealer built to target cryptocurrency wallets. It steals private keys and seed phrases and intercepts user input so the attackers can take control of the wallet and withdraw funds. Some variants of DoubleFinger also install the remote access Trojan Remcos, giving the criminals complete control over the infected system.
To safeguard crypto wallets, Kaspersky advises users to be cautious of scams, diversify wallet usage, be aware of cold wallet vulnerabilities, and purchase hardware wallets from official sources. Lozhkin emphasizes that protecting crypto wallets is a collective effort involving wallet providers, individuals, and the wider cryptocurrency community.
Recent events, in which two Russian nationals were charged with stealing millions from the defunct crypto exchange Mt. Gox, underscore the importance of cybersecurity measures for cryptocurrency users. By remaining vigilant, following robust security practices, and staying informed about emerging threats, individuals can reduce their risk and safeguard their digital assets.