Microsoft warns of malware that steals money from cryptocurrency wallets

A group of Microsoft security experts has reported an increase in the activity of malware called Cryware, which allows stealing assets from hot crypto wallets.

According to the research team’s report, Cryware is used by attackers to search for cryptocurrency software on attacked devices and collect and steal critical data to access the victim’s hot cryptocurrency wallets.

Attackers can use patterns that include common expressions, words, or a set of characters to find important hot wallet data, such as passphrases and addresses.

Having gained access to the hot wallet’s data, attackers can use it to quickly transfer cryptocurrency to their own wallets. Unfortunately for the former owners of these assets, such theft is irreversible: transactions in the blockchain are final, even if they were made without the user’s consent or knowledge. There are rare exceptions, but they are not worth relying on.

What recommendations have security experts made? We have identified three main ones:

• Consider using cryptocurrency wallets that implement multi-factor authentication (MFA).
• Be careful when copying information. When copying the wallet address for a transaction, check several times whether the wallet address where you are sending cryptocurrency really matches the desired one
• Never store passphrases in plain text on your device or in cloud storage.