Threat Watch

New KryptoCibule Mining Malware

Threat researchers at ESET have discovered a crypto-mining malware that has evaded detection by anti-virus software while using the computing power of infected computers to generate Monero and Ethereum crypto-currencies. Named KryptoCibule, this malware has succeeded in hiding from researchers for almost two years. In its analysis report, ESET noted that the malware relies heavily on the Tor network to communicate with its Command and Control (C2) servers. It spreads through malicious torrents that pretend to be pirated games and software. Currently, KryptoCibule seems to be targeting the Czech Republic and Slovakia—more than 85% of detections have come from those countries. Attacks in these countries appear to be intentionally targeted, as the malware checks for security products from ESET, AVG, and Avast, which are all based in these two countries. If KryptoCibule detects any of these products, it automatically stops its installation.


ANALYST NOTES

Since KryptoCibule spreads through pirated programs, it is advisable to download software and games only from trusted sources, such as the author of that particular software. It is also advised to use a reputable anti-virus/anti-malware program that is updated on a routine basis, although, as this report demonstrates, malware sometimes goes undetected by anti-virus for an extended period of time, sometimes years. This is not the only example of malware that uses the Tor network to communicate between the operators and victim computers. Endpoint Detection and Response (EDR) software that keeps track of the constantly changing IP addresses used by Tor relays, and that can alert when programs make connections to Tor, allows Security Operations Centers (SOCs) to take action to stop threats even when anti-virus programs fail to detect them.
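One way to build the Tor-connection alerting described above, as an added example that is not from the source article or ESET's report: a constructed relay-address feed and constructed EDR connection-log lines (both in assumed formats, using TEST-NET addresses) are matched to flag any process reaching a known relay address or a default Tor relay port.

```python
import ipaddress
import re
from typing import Dict, List, Set

# Constructed sample of a Tor relay IP feed (one address per line, '#' comments allowed).
# A real SOC would refresh this from the Tor Project's relay directory on a schedule,
# because relay addresses change frequently. TEST-NET addresses are used here.
RELAY_FEED = """
# fetched: 2020-09-02 (constructed sample)
203.0.113.7
198.51.100.42
"""

# Constructed endpoint connection log lines in an assumed EDR export format.
CONNECTION_LOG = """
2020-09-02T10:15:03Z proc=svchost.exe pid=912 dst=203.0.113.7:9001 proto=tcp
2020-09-02T10:15:04Z proc=chrome.exe pid=2210 dst=192.0.2.10:443 proto=tcp
2020-09-02T10:16:11Z proc=Setup.exe pid=4120 dst=198.51.100.42:443 proto=tcp
2020-09-02T10:16:12Z proc=Setup.exe pid=4120 dst=192.0.2.55:9001 proto=tcp
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) proc=(?P<proc>\S+) pid=(?P<pid>\d+) dst=(?P<ip>[0-9.]+):(?P<port>\d+)")

# Default Tor relay ports: ORPort 9001 and DirPort 9030. A hit on these without a
# feed match is weaker evidence (the relay may not be in the feed yet), so flag it separately.
TOR_DEFAULT_PORTS = {9001, 9030}


def parse_relay_feed(feed: str) -> Set[ipaddress.IPv4Address]:
    """Parse the feed into a set of addresses, skipping comments and blank lines."""
    relays = set()
    for line in feed.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            relays.add(ipaddress.ip_address(line))
    return relays


def detect_tor_connections(log: str, relays: Set[ipaddress.IPv4Address]) -> List[Dict[str, str]]:
    """Return one alert per log line that reaches a known relay or a default Tor port."""
    alerts = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip blank or unparseable lines rather than crash
        ip, port = ipaddress.ip_address(m["ip"]), int(m["port"])
        if ip in relays:
            reason = "known Tor relay address"
        elif port in TOR_DEFAULT_PORTS:
            reason = "default Tor relay port, address not in feed"
        else:
            continue
        alerts.append({"process": m["proc"], "pid": m["pid"], "dst": f"{ip}:{port}", "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in detect_tor_connections(CONNECTION_LOG, parse_relay_feed(RELAY_FEED)):
        print(alert)
```

The port-only match is deliberately reported with a weaker reason so an analyst can triage it differently from a confirmed relay hit.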

Source Article: https://www.bleepingcomputer.com/news/security/kryptocibule-malware-dodges-antivirus-to-steal-cryptocurrency/