The latest threat to wallet security has emerged from an ancient crypt and has the body of a man and the head of a wolf.
Anubis, named after the Egyptian god of the dead, is a new information-stealing malware that has been for sale on cybercrime dark markets since June, according to Microsoft Security Intelligence.
Built on code forked from the Loki malware, Anubis can be used to steal crypto wallet IDs, system information, credit card details and other data.
The malware, distinct from the family of Android banking malware also called Anubis, joins a growing list of malware families that seek out vulnerable cryptocurrency stashes, Coindesk reports.
“The malware is downloaded from certain websites. It steals information and sends stolen information to a C2 (command and control) server via an HTTP POST command,” said Tanmay Ganacharya, partner director of security research at Microsoft.
HTTP POST is the request method a browser or program uses to send data to a web server, for example when uploading a file or submitting a completed web form. Because ordinary applications generate POST traffic all the time, a stealer that sends its haul this way blends in with normal web activity.
“When successfully executed it attempts to steal information and sends stolen information to a C2 server via HTTP POST command,” he said. “The POST command sends back sensitive information that may include username and passwords, such as credentials saved in browsers, credit card information and cryptocurrency wallet IDs.”
How to protect yourself
Parham Eftekhari, executive director of the Cybersecurity Collaborative, a forum for security professionals, reviewed the images of code tweeted out by Microsoft and said not much information about the Windows Anubis malware has been released, Coindesk reports.
But the Loki bot (from which the Anubis code was taken) was spread via social engineering emails carrying attachments with “.iso” extensions. These messages masqueraded as orders and offers from other companies and were sent to publicly available company email addresses, sometimes harvested from the target company’s own website.
When it comes to avoiding Anubis, Eftekhari said people should not open any attachments or emails that they are not expecting or that seem unfamiliar.
“They should deploy antimalware applications on their systems and scan and update frequently,” he said. “Finally, when accessing sensitive accounts such as banking applications, they should employ secure or privacy browsers which may prevent malware from recording keystrokes or screenshots.”
Ganacharya said that, like many other cyber threats, Anubis operates under the radar, providing no clear visual clues. Users can check for dubious-looking files and running processes (for example, ASteal.exe or Anubis Stealer.exe) as well as suspicious network traffic, such as HTTP POST requests to hosts the machine has no reason to talk to.
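The two indicators above, suspicious process names and unexpected HTTP POST traffic to a C2, can be checked with a short triage script. The following is an added example written for this page, not code from Microsoft or from the article; the process names are the two the article cites, while the process listing, the proxy log format and lines, the allow-list of hosts, the 203.0.113.45 address and the size threshold are all constructed assumptions for illustration.

```python
"""
Added example: triage a host for the Anubis indicators the article names.
Process names (ASteal.exe, Anubis Stealer.exe) come from the article; the
sample process list, proxy log format, hosts and thresholds are constructed.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicators cited in the article. Windows filenames are case-insensitive,
# so matching is done on the lowercased name.
SUSPICIOUS_PROCESS_NAMES = {"asteal.exe", "anubis stealer.exe"}

# Constructed sample of a process listing (e.g. output of `tasklist`).
SAMPLE_PROCESSES = [
    "svchost.exe",
    "explorer.exe",
    "Anubis Stealer.exe",
    "chrome.exe",
    "ASteal.exe",
]

# Constructed proxy log lines in a hypothetical format:
#   timestamp client_ip method url bytes_sent_by_client
SAMPLE_PROXY_LOG = """\
2020-06-30T10:01:02Z 10.0.0.12 GET https://www.microsoft.com/en-us/ 0
2020-06-30T10:01:05Z 10.0.0.12 POST https://login.live.com/ppsecure/post.srf 812
2020-06-30T10:02:11Z 10.0.0.12 POST http://203.0.113.45/gate.php 48213
2020-06-30T10:02:14Z 10.0.0.12 POST http://203.0.113.45/gate.php 51077
2020-06-30T10:03:00Z 10.0.0.12 GET https://example.com/ 0
"""

# Hypothetical allow-list of destinations where POST bodies are expected.
KNOWN_POST_HOSTS = {"login.live.com", "example.com"}

LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d+)$")


@dataclass
class PostHit:
    ts: str
    client: str
    url: str
    bytes_out: int
    reason: str


def find_suspicious_processes(process_names):
    """Return the names from the listing that match the article's indicators."""
    return [p for p in process_names if p.lower() in SUSPICIOUS_PROCESS_NAMES]


def is_bare_ip(host):
    """True when the URL host is a literal IP address rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_suspicious_posts(log_text, known_hosts=KNOWN_POST_HOSTS, min_bytes=4096):
    """Flag POSTs that look like exfiltration: to a host outside the allow-list,
    to a bare IP, or carrying an unusually large body. A stealer uploads its
    harvest with POST, and the C2 is rarely a host the organisation already uses."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, client, method, url, size = m.groups()
        if method != "POST":
            continue
        host = urlsplit(url).hostname or ""
        size = int(size)
        reasons = []
        if host not in known_hosts:
            reasons.append("unknown host")
        if is_bare_ip(host):
            reasons.append("bare IP")
        if size >= min_bytes:
            reasons.append("large body")
        if reasons:
            hits.append(PostHit(ts, client, url, size, ", ".join(reasons)))
    return hits


def summarize_destinations(hits):
    """Count flagged POSTs per host; repeated uploads to one host stand out."""
    return Counter(urlsplit(h.url).hostname for h in hits)


if __name__ == "__main__":
    for name in find_suspicious_processes(SAMPLE_PROCESSES):
        print(f"suspicious process: {name}")
    posts = find_suspicious_posts(SAMPLE_PROXY_LOG)
    for h in posts:
        print(f"{h.ts} {h.client} POST {h.url} {h.bytes_out}B ({h.reason})")
    print("flagged POSTs per host:", dict(summarize_destinations(posts)))
```

On the constructed data the script reports both indicator process names and flags only the two large POSTs to the bare-IP host 203.0.113.45, while the small POST to the allow-listed login.live.com passes. On a real host the process list would come from `tasklist` or an EDR export and the log from the web proxy, and the allow-list would need to be built from the organisation's own baseline.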