SpriteCoin ransomware pretends to be a cryptocurrency wallet to get installations
In a different twist on traditional ransomware, a newly discovered attack pretends to be a new cryptocurrency wallet to persuade users to install it, then takes over control of files on a victim’s personal computer.
Named SpriteCoin by researchers at Fortinet Inc., after the fake cryptocurrency it purports to promote, the ransomware is being spread via forum campaigns. These tell people they should download a wallet to get in on the ground floor of a “new cryptocurrency written in JavaScript” that is “sure to be a profitable coin” for the user.
Perhaps not surprisingly at this point, the download is not a cryptocurrency wallet. Instead, it downloads a file called MoneroPayAgent.exe that then encrypts files on the victim’s PC and demands a ransom payment of 0.3 Monero, worth a little over $100 at the time of writing. In addition to encrypting files, the ransomware sends the user’s Chrome and Firefox credential stores to a remote website, likely giving the attackers access to the user’s passwords as well.
Not content with simply extorting money from unsuspecting victims, the ransomware then adds an even nastier twist. If and when victims pay the ransom, the software downloads malware identified as W32/Generic!tr that can harvest certificates and parsing keys, and access web cameras.
“The allure of quick wealth through cryptocurrency seems to be enough to trick unsuspecting users to rush toward the wallet app du jour without consideration,” the researchers wrote.
Along with practicing safe internet use, organizations are advised to prepare for ransomware attacks by developing a solid backup and recovery plan.
“Do not rely on shadow volume backups alone, as some ransomware variants delete them,” the researchers noted. “Malware authors have done their homework to ensure higher success rates. They understand that most people don’t back up their systems regularly, but if someone should perform a shadow volume or similar backup, they have logic built into the malware to defeat it. Instead, a simple offline backup of important files will save a lot of time and frustration.”
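The shadow-copy deletion the researchers warn about leaves a trace in process-creation telemetry, which is where a defender can catch it before the encryption finishes. The following is an added example, not code from the article or from Fortinet: it scans constructed, simplified Sysmon-style process-creation log lines for the common shadow-copy deletion commands and reports the parent process that launched them. The log format, field names and the parent-process name are assumptions made for the example.

```python
import re

# Constructed sample process-creation log lines (simplified Sysmon Event ID 1 layout).
# These are made up for the example; they are not from the Fortinet report.
SAMPLE_LOGS = [
    'EventID=1 Image=C:\\Windows\\System32\\vssadmin.exe CommandLine="vssadmin delete shadows /all /quiet" ParentImage=C:\\Users\\alice\\Downloads\\MoneroPayAgent.exe',
    'EventID=1 Image=C:\\Windows\\System32\\vssadmin.exe CommandLine="vssadmin list shadows" ParentImage=C:\\Windows\\System32\\cmd.exe',
    'EventID=1 Image=C:\\Windows\\System32\\wbem\\WMIC.exe CommandLine="wmic shadowcopy delete" ParentImage=C:\\Users\\alice\\Downloads\\MoneroPayAgent.exe',
    'EventID=1 Image=C:\\Windows\\System32\\notepad.exe CommandLine="notepad.exe notes.txt" ParentImage=C:\\Windows\\explorer.exe',
]

# Command-line patterns that remove Volume Shadow Copies. Listing or creating
# shadows is benign admin activity and is deliberately not matched.
SHADOW_DELETION_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"Win32_ShadowCopy", re.I),  # WMI class used by script-based deletion
]

# key=value pairs; values are either a double-quoted string or a run of non-spaces
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def is_shadow_deletion(cmdline):
    """True if the command line matches a known shadow-copy deletion pattern."""
    return any(p.search(cmdline) for p in SHADOW_DELETION_PATTERNS)


def find_shadow_deletion_events(lines):
    """Return one alert per process-creation event that deletes shadow copies."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        cmd = ev.get("CommandLine", "")
        if ev.get("EventID") == "1" and is_shadow_deletion(cmd):
            alerts.append({"parent": ev.get("ParentImage", ""), "command": cmd})
    return alerts


if __name__ == "__main__":
    for alert in find_shadow_deletion_events(SAMPLE_LOGS):
        print(f"ALERT shadow copy deletion by {alert['parent']}: {alert['command']}")
```

The parent image is the useful pivot: a backup tool or an administrator's shell deleting shadows is routine, while an executable launched from a user's Downloads folder doing so is exactly the pattern the article describes.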
Image: Fortinet