In a different twist on traditional ransomware, a newly discovered attack pretends to be a new cryptocurrency wallet to persuade users to install it, then takes over control of files on a victim’s personal computer.
Dubbed SpriteCoin by researchers at Fortinet Inc., after the fake cryptocurrency it purports to promote, the ransomware is being spread via forum campaigns. The posts tell people to download a wallet to get in on the ground floor of a “new cryptocurrency written in JavaScript” that is “sure to be a profitable coin” for the user.
Perhaps not surprisingly at this point, the download is not a cryptocurrency wallet. Instead, it downloads a file called MoneroPayAgent.exe that then encrypts files on the victim’s PC and demands a ransom payment of 0.3 Monero, worth a little over $100 at the time of writing. In addition to encrypting files, the ransomware sends the user’s Chrome and Firefox credential stores to a remote website, likely giving the attackers access to the user’s passwords as well.
Not content with simply extorting money from unsuspecting victims, the ransomware then adds an even nastier twist. If and when victims pay the ransom, the software downloads malware identified as W32/Generic!tr that can harvest certificates and parsing keys and access web cameras.
“The allure of quick wealth through cryptocurrency seems to be enough to trick unsuspecting users to rush toward the wallet app du jour without consideration,” the researchers wrote.
Along with practicing safe internet habits, organizations are advised to prepare for ransomware attacks by developing a solid backup and recovery plan.
“Do not rely on shadow volume backups alone, as some ransomware variants delete them,” the researchers noted. “Malware authors have done their homework to ensure a higher success rate. They understand that most people don’t back up their systems regularly, but if someone should perform a shadow volume or similar backup, they have logic built into the malware to defeat it. Instead, a simple offline backup of important files will save a lot of time and frustration.”
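The researchers’ warning that ransomware defeats shadow volume backups points to a detection opportunity: the built-in Windows commands that remove or shrink shadow copies are rarely run by ordinary users, so a process-creation log that shows them launched from an unknown executable is a strong ransomware signal. The following Python script is an added example, not code from the article or from Fortinet, that scans a few constructed process-creation log lines (the log format, host names and user names are assumptions made for the example) for shadow-copy tampering and reports which parent process launched it.

```python
import re
from typing import Dict, List, Optional

# Constructed sample process-creation log lines (not from the article).
# Assumed format: "timestamp | host | user | parent_image | image | command_line".
# MoneroPayAgent.exe is the dropper name reported in the article; the rest is invented.
SAMPLE_LOG = """\
2018-01-24T10:01:02Z | WS-07 | alice | explorer.exe | chrome.exe | "C:\\Program Files\\Google\\Chrome\\chrome.exe"
2018-01-24T10:03:15Z | WS-07 | alice | explorer.exe | MoneroPayAgent.exe | "C:\\Users\\alice\\Downloads\\MoneroPayAgent.exe"
2018-01-24T10:03:16Z | WS-07 | alice | MoneroPayAgent.exe | cmd.exe | cmd.exe /c vssadmin delete shadows /all /quiet
2018-01-24T10:03:17Z | WS-07 | alice | MoneroPayAgent.exe | wmic.exe | wmic shadowcopy delete
2018-01-24T11:00:00Z | WS-09 | backupsvc | services.exe | vssadmin.exe | vssadmin list shadows
"""

# Command-line patterns that destroy or cripple Volume Shadow Copy recovery.
# Listing shadows (as the backup service does above) is benign and is not matched.
SHADOW_TAMPER_PATTERNS = {
    "vssadmin_delete_shadows": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I),
    "wmic_shadowcopy_delete": re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I),
    "vssadmin_resize_shadowstorage": re.compile(r"\bvssadmin(\.exe)?\s+resize\s+shadowstorage\b", re.I),
    "bcdedit_disable_recovery": re.compile(r"\bbcdedit(\.exe)?\b.*recoveryenabled\s+no\b", re.I),
}


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one pipe-delimited log line into a dict; return None for malformed lines."""
    parts = [p.strip() for p in line.split(" | ", 5)]
    if len(parts) != 6:
        return None
    keys = ("ts", "host", "user", "parent", "image", "cmdline")
    return dict(zip(keys, parts))


def find_shadow_tampering(log_text: str) -> List[Dict[str, str]]:
    """Return one hit per log line whose command line matches a tampering pattern."""
    hits: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        event = parse_line(raw)
        if event is None:
            continue
        for rule_name, pattern in SHADOW_TAMPER_PATTERNS.items():
            if pattern.search(event["cmdline"]):
                hits.append({**event, "rule": rule_name})
                break  # one alert per event is enough
    return hits


def suspicious_parents(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Count tampering events per parent process; ransomware usually launches them itself."""
    counts: Dict[str, int] = {}
    for hit in hits:
        counts[hit["parent"]] = counts.get(hit["parent"], 0) + 1
    return counts


if __name__ == "__main__":
    for hit in find_shadow_tampering(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['host']} {hit['user']}: {hit['rule']} "
              f"via {hit['image']} (parent {hit['parent']})")
    print("parents:", suspicious_parents(find_shadow_tampering(SAMPLE_LOG)))
```

In a real deployment the same patterns would be applied to Sysmon Event ID 1 or Windows Security 4688 records rather than a pipe-delimited string; the value of the parent-process grouping is that it ties the shadow-copy deletion back to the dropper, which is the artifact worth isolating and preserving for forensics.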