Microsoft has recorded several virus campaigns using the new Anubis malware to steal confidential information and crypto assets.
According to Microsoft Security Intelligence, a new form of malware called Anubis has already spread around the world after it went on sale on darknet markets in June. The program is based on a fork of the code of its predecessor, Loki. Anubis can steal keys from cryptocurrency wallets, system credentials, credit card information, and other data.
It is important to note that this new software is not related to the Anubis banking Trojan, which was popular with hackers earlier.
“Malware is downloaded from certain sites. It steals information and sends it to the command server via the HTTP POST command,” said Tanmay Ganacharya, director of security research at Microsoft. “The POST command sends confidential information that may include user names and passwords, including those stored in browsers, credit card information, and cryptocurrency wallet IDs.”
Cybersecurity Collaborative CEO Parham Eftekhari said:
“To protect themselves from Anubis, users should deploy antivirus applications on their systems and perform scans and updates as often as possible. When accessing sensitive credentials, such as banking applications, you must use secure browsers that may prevent keystrokes from being recorded or screenshots from being taken.”
Ganacharya said that, like many other threats, this new malware tries to remain undetected. Its presence can be revealed by suspicious files and running processes (for example, ASteal.exe and Anubis Stealer.exe), as well as by suspicious network traffic.
For its part, Microsoft has updated Microsoft Defender ATP detections for Anubis and will continue monitoring it to detect further spread of the virus campaigns. Microsoft Defender ATP uses artificial intelligence-based cloud protection to protect against new and unknown threats in real time.
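The two indicators the article gives, the named stealer processes and confidential data sent to a command server with HTTP POST, can be turned into a simple hunting check. The following is an added example, not code from the article or from Microsoft; the CSV telemetry, the IP addresses and the allow-list of processes expected to send POST requests are all constructed assumptions.

```python
"""Added example (not from the article or any Microsoft tool): apply the
article's Anubis indicators (named stealer processes, exfiltration via HTTP
POST) to constructed sample endpoint telemetry."""
import csv
import io

# Process names the article lists as signs of Anubis activity, matched
# case-insensitively on the file name only.
STEALER_PROCESS_NAMES = {"asteal.exe", "anubis stealer.exe"}

# Assumption: a defender-maintained allow-list of processes that are
# expected to issue HTTP POST requests from a workstation.
EXPECTED_POST_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "outlook.exe"}

# Constructed telemetry (time, image path, HTTP method, destination host,
# bytes sent); real EDR or Sysmon network events use their own schema.
SAMPLE_EVENTS = """\
time,image,method,host,bytes_out
09:00:01,C:\\Program Files\\Google\\Chrome\\chrome.exe,POST,mail.example.com,2048
09:00:07,C:\\Users\\alice\\AppData\\Local\\Temp\\ASteal.exe,POST,203.0.113.10,15360
09:00:09,C:\\Windows\\System32\\svchost.exe,GET,update.example.com,512
09:00:12,C:\\Users\\alice\\Downloads\\Anubis Stealer.exe,GET,203.0.113.10,300
09:00:15,C:\\Users\\alice\\AppData\\Roaming\\updater.exe,POST,198.51.100.7,40960
"""


def basename(image):
    """File name of a Windows image path (either slash style)."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1]


def hunt(events_csv):
    """Return (rule, process, host) findings for the telemetry, in event order."""
    findings = []
    for row in csv.DictReader(io.StringIO(events_csv)):
        name = basename(row["image"]).lower()
        if name in STEALER_PROCESS_NAMES:
            findings.append(("known_stealer_process", name, row["host"]))
        # The article describes exfiltration over HTTP POST: flag POSTs from
        # processes that are not expected to send data out at all.
        if row["method"].upper() == "POST" and name not in EXPECTED_POST_CLIENTS:
            findings.append(("post_from_unexpected_process", name, row["host"]))
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(*finding)
```

On the constructed sample the routine reports both named stealer processes and two POST requests from non-browser processes, one of them the unnamed updater.exe, which shows why the traffic rule matters once the binary has been renamed.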
According to Ganacharya, users should avoid visiting unknown or suspicious websites, opening suspicious emails and attachments, and navigating to unknown URLs. In addition, users can enable blocking of potentially unwanted applications in Microsoft Edge to get protection from hidden cryptocurrency miners and other software that can affect the performance of devices.
Cryptocurrency wallets are at risk not only from malware, but also from internal vulnerabilities. In July, the developers of ZenGo, a cryptocurrency wallet that works without private keys and passwords, discovered the BigSpender double-spending vulnerability, which affects the Ledger Live, Bread, and Edge wallets.
In April, it became known that hackers were using vulnerabilities in the iOS Mail app to access cryptocurrency wallets, and in February, tokens belonging to users of the IOTA Trinity wallet were stolen due to a vulnerability in the app.