
New ComboJack Malware Steals Cryptocurrency by Modifying Addresses!


A novel cryptocurrency-stealing malware dubbed ComboJack has been discovered by Palo Alto Networks Unit 42 and Proofpoint researchers. It targets cryptocurrencies and digital wallets belonging to American and Japanese users, and it is being distributed via an email spam campaign.

Fake Passport Email
The malicious emails carry the subject line “Re: passport…”. The attackers trick recipients into opening a PDF attachment that supposedly contains a scanned copy of a passport the recipient has mistakenly left in the email sender’s office. The file does not show a scanned passport image but instead displays a prompt to open another file, which is actually an embedded RTF file. This RTF file contains an embedded remote object.

This object exploits an old DirectX flaw (classified as CVE-2017-8579) and loads an HTA script. The script runs a PowerShell script to download the malware. Microsoft DirectX is a collection of APIs that handles multimedia-related tasks on the Windows OS.

Once the malware is downloaded, it makes sure that it persists on the device and keeps itself hidden from the user. It then enters an infinite loop that keeps checking the contents of the clipboard every half a second to assess what sorts of cryptocurrencies the victim has stored in his/her digital wallet.
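The defensive counterpart of the behaviour described above (and of the address modification the title refers to), as an added illustration that is not code from the original post or from the Unit 42/Proofpoint analysis: a small Python detector that takes timestamped clipboard samples and flags the case where a recognised wallet address is replaced, within a short window, by a different address of the same type. The address patterns are simplified assumptions with no checksum validation, and the clipboard snapshots are constructed.

```python
import re

# Simplified wallet-address patterns (assumption: illustrative only, no checksum
# validation, so they can also match strings that are not valid addresses).
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"(bc1[a-z0-9]{25,62}|[13][1-9A-HJ-NP-Za-km-z]{25,34})"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def classify(text):
    """Return the address type the clipboard text looks like, or None."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(text):
            return kind
    return None

def detect_swaps(snapshots, max_gap=1.0):
    """Flag clipboard changes where one wallet address is replaced by a different
    address of the same type within max_gap seconds; snapshots is a list of
    (timestamp_seconds, clipboard_text) taken by polling the clipboard."""
    alerts = []
    prev_time, prev_text = None, None
    for now, text in snapshots:
        if prev_text is not None and text != prev_text:
            old_kind, new_kind = classify(prev_text), classify(text)
            # A user copying a second address of the same type within a second is
            # rare; an address silently changing under them is the red flag.
            if old_kind is not None and old_kind == new_kind and now - prev_time <= max_gap:
                alerts.append({"time": now, "kind": old_kind,
                               "original": prev_text, "replacement": text})
        prev_time, prev_text = now, text
    return alerts

# Constructed clipboard samples (not real addresses): the user copies an Ethereum
# address, and half a second later the clipboard holds a different one.
USER_ADDRESS = "0x" + "1" * 40
ATTACKER_ADDRESS = "0x" + "2" * 40
SAMPLE_SNAPSHOTS = [
    (0.0, "meeting notes"),
    (0.5, "meeting notes"),
    (1.0, USER_ADDRESS),
    (1.5, ATTACKER_ADDRESS),   # silent swap: same type, different address
    (2.0, ATTACKER_ADDRESS),
    (40.0, USER_ADDRESS),      # user re-copies much later: not flagged
]
```

A real monitor would feed `detect_swaps` from the OS clipboard at an interval shorter than `max_gap`; running it on `SAMPLE_SNAPSHOTS` yields one alert for the swap at 1.5 s.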

ComboJack shares similarities with a previously uncovered form of malware, CryptoShuffler, although there is no indication that the two are directly related. Palo Alto Networks told ZDNet there is no indication as to who is behind ComboJack.

As ComboJack relies on exploiting a vulnerability that Microsoft patched in September 2017, one way users can avoid becoming a victim is to ensure that their operating system is up to date.

Users can also avoid falling victim to the malware by being wary of unexpected emails and strange attachments, particularly if the message isn't directly addressed to them.