ESET researchers have analyzed a previously unknown family of malware. That is spreading via malicious torrent files and targeting European internet users. If the infection is successful, the Trojan secretly tries to mine cryptocurrencies, manipulate wallets and transactions, and steal related data. The experts at the European IT security manufacturer have named the malware KryptoCibule. The malware tries to stay under the radar using various techniques. The ESET researchers are now presenting their analysis results on WeLiveSecurity.
“KryptoCibule also uses legitimate software. Some, like Tor and the Transmission torrent client, links to the installer, others are for later to download, ” says Matthieu Faou, ESET researcher who uncovered the new family of malware. “KryptoCibule consists of three components to get access to crypto currencies: cryptomining, manipulation of the clipboard and data theft. According to our analysis results, enough profit could only be achieved by using all three functions. To justify the development effort observed. “
Malware is always evolving
ESET has identified several versions of KryptoCibule. The researchers at the European IT security manufacturer can thus trace the development of the malicious program back to December 2018. Since then, the malware has been continuously developed and new features have been added to it on a regular basis.
European internet users in focus
The malicious program is particularly targeting the European Internet users. The criminals behind KryptoCibule uploaded the infected torrent files to a file sharing platform that is very popular with users from the Czech Republic and Slovakia. The ESET researchers suspect that users from the two countries are in particular focus, because the malware specifically checks the affected systems for security solutions that are often used in both countries.