
Doctor Web has detected malicious activity in a cryptocurrency monitoring tool

January 22, 2019

Downloader Trojans are used to deliver other malware to a victim’s device, and Trojan.DownLoad4.11892 is no exception. Once installed, it downloads malicious software that steals private data from cryptocurrency holders.

In autumn 2018, cryptocurrency mining enthusiasts began noticing messages suggesting that they install a tool for monitoring cryptocurrency prices. The app’s developers promised a certified, trusted and free widget. At first glance, the program raises no suspicion. It has a valid digital signature and works exactly as promised. But behind this seemingly flawless functionality there is a hidden catch: it will steal your private data.

Upon installation, the program compiles and runs malicious code downloaded from the developer’s personal GitHub account. Once that is complete, it loads Trojan.PWS.Stealer.24943, also known among malware developers as AZORult, onto the victim’s device. This Trojan allows cybercriminals to steal a vast amount of private data, including passwords from cryptocurrency wallets.

In most cases encountered by Doctor Web researchers, this malware was distributed in English on forums dedicated to cryptocurrency mining. It was seen less often on Polish and Russian forums dedicated to the same subject.

At present, the Trojan is still available on several file exchanges, as well as on the GitHub account mentioned earlier. Dr.Web products successfully detect and remove this type of malware. That said, our cybersecurity researchers strongly advise you to renew your anti-virus subscription on time and install all the latest updates.
