Criminals impersonate delivery companies in spam to steal cryptocurrencies

A malware campaign spread through fraudulent email messages uses the name of the delivery company DHL to install malware that steals cryptocurrencies from victims' wallets. The attacks mainly target nine countries, focusing on English and Spanish speakers, although hundreds of instances of the scam have also been detected in Brazil. The alert was issued by Avast, the security company behind the well-known antivirus.


According to the company, more than 12 thousand fake messages have been detected since the day of September, used as a way to distribute BluStealer. The malware targets the most popular cryptocurrencies, such as Bitcoin, Ethereum, Monero and Litecoin, as well as major exchanges and digital wallets. Its main objective is to obtain the credentials that give access to funds deposited by users, which are then transferred to the cybercriminals as soon as possible. The main countries affected are Turkey, United States, Argentina, United Kingdom and Italy; in our country, there were 94 detections.

One version of the scam simulates a legitimate message from DHL informing the user that a package is available for pickup at one of the logistics company's offices because it could not be delivered to the address. The recipient is asked to fill out an attached form, which is a file in ISO format. When it is executed, BluStealer is installed stealthily and starts monitoring typed data until it obtains the credentials to access the cryptocurrency wallets. The malware can also arrive through links in the body of the message.


Example of a fraudulent email in DHL's name carrying the BluStealer malware, which focuses on stealing credentials and cryptocurrencies (Image: Reproduction/Avast)

A second version of the scam was also detected, focusing on corporate clients and using the name of the Mexican metal producer General de Perfiles. In this case, the supposed business partners are told of a credit resulting from an overcharge on an order, and that the form must be filled out so that the amount can be deducted from the next invoice. In both cases, the criminals also use spoofing techniques to imitate legitimate company email addresses and make the scam look more credible.

According to Avast, BluStealer is also capable of hosting files on servers controlled by the criminals and of obtaining access data for other services and social networks. So far, however, only cryptocurrency-related crimes have been recorded, with an analysis indicating that the criminals have already received more than US$ 64, 3,000, illicitly transferred from the victims' accounts.

“It’s an old trick, but with a new type of threat attached,” explains Anh Ho, malware researcher at Avast. According to him, criminals take advantage of the popularity of cryptocurrencies to carry out social engineering attacks in the name of large companies, and also rely on the low traceability of digital assets to cover their tracks and hinder any eventual recovery of the money.

The recommendation is to be wary of emails received in the names of companies and business partners, and to avoid opening attached files or clicking on links unless you are sure of the origin of the contact. Security software is capable of detecting common threats like these, while operating systems and apps must always be kept up to date to prevent known vulnerabilities from being exploited in criminal attacks.
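As an added illustration (not part of the original article or of Avast's analysis), the Python sketch below shows how a mail gateway could flag the two traits described above: a disk-image attachment and failed sender authentication. The addresses, file names and the `triage` and `build_sample` helpers are assumptions made for the example.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Disk-image containers; the campaign described above delivered an .iso "form".
DISK_IMAGE_EXT = (".iso", ".img", ".vhd", ".vhdx")
AUTH_FAIL = re.compile(r"\b(spf|dkim|dmarc)=(fail|softfail)\b", re.I)


def triage(raw: bytes) -> dict:
    """Return disk-image attachments and failed sender-authentication checks."""
    msg = message_from_bytes(raw, policy=policy.default)
    images = [
        part.get_filename()
        for part in msg.iter_attachments()
        if (part.get_filename() or "").lower().endswith(DISK_IMAGE_EXT)
    ]
    # Only trust Authentication-Results headers stamped by your own gateway;
    # this sketch assumes copies added upstream were already stripped.
    failures = []
    for value in msg.get_all("Authentication-Results", []):
        failures += [f"{m}={r}".lower() for m, r in AUTH_FAIL.findall(str(value))]
    return {"disk_images": images, "auth_failures": failures}


def build_sample(filename: str, auth: str) -> bytes:
    """Constructed test message (not a real sample from the campaign)."""
    msg = EmailMessage()
    msg["From"] = "DHL Express <notice@dhl.example>"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Package available for pickup"
    msg["Authentication-Results"] = f"mx.corp.example; {auth}"
    msg.set_content("Please fill out the attached form.")
    msg.add_attachment(b"\x00" * 32, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    spoofed = ("spf=fail smtp.mailfrom=dhl.example; "
               "dmarc=fail header.from=dhl.example")
    print(triage(build_sample("DHL_form.iso", spoofed)))
```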

Source: Avast
