Researchers Spot New Cryptocurrency Stealing Malware Advertised Under a Subscription Model
A cryptocurrency-related malware program has been advertised on darknet forums as the "leading way to make money in 2021," raising alarms among the cybersecurity community. Palo Alto Networks published a report on the malware app Westeal that outlines the program's connections to other kinds of malware, which steals large streaming service accounts.
Westeal Claims to Be Immune Against Major Antivirus Software
According to cyber security company, "Westeal" is an development of "Wesupply Crypto Stealer," another malicious crypto application that has been sold in May of this year. The research suggests that the Wesupply evolution was advertised in February 2021.
The study reveals that Westeal was designed to basically take Bitcoin (BTC) and the cryptocurrency ethereum (ETH) going into or out of the victim's wallet via their clipboard.
Moreover, people who acquire the malicious app get access to a web-based panel to handle all the operations which includes a "victim tracker panel."
One aspect that is causing concern of Palo Alto Networks is the fact that Westeal is believed to be immune to antivirus software that is a major world market onion component.
The malware is based on subscription-based models, and "Complexcodes," the anon developer of the application earns its money by charging 20 euros ($24) monthly fifty euros ($60) over three consecutive months and 125 euros ($150) each year.
The Malware Is a 'Shameless' Crypto Stealer, Researchers Say
The cybersecurity firm gives more information on the malware:
"In in order to "steal" cryptocurrency from a victim, Westeal uses regular expressions to look for strings matching the patterns of bitcoin and ethereum wallet identifiers being copied to the clipboard. When it matches these, it replaces the copied wallet ID in the clipboard with one supplied by the malware. The victim then pastes the substituted wallet ID for a transaction, and the funds are sent instead to the substitute wallet."
Still, Palo Alto Networks qualifies Westeal as a "shameless" malware:
"Westeal is a shameless piece of commodity malware with a single, illicit function. Its simplicity is matched by a likely simple effectiveness in the theft of cryptocurrency. The low-sophistication actors who purchase and deploy this malware are thieves, no less so than street pickpockets. Their crimes are as real as their victims. The fast and simple monetization chain and anonymity of cryptocurrency theft, together with the low cost and simplicity of operation, will undoubtedly make this type of crimeware attractive and popular to less-skilled thieves."
A cryptocurrency-related malware program has been advertised on darknet forums as the "leading way to make money in 2021," raising alarms among the cybersecurity community. Palo Alto Networks published a report on the malware app Westeal that outlines the program's connections to other kinds of malware, which steals large streaming service accounts.
Westeal Claims to Be Immune Against Major Antivirus Software
According to cyber security company, "Westeal" is an development of "Wesupply Crypto Stealer," another malicious crypto application that has been sold in May of this year. The research suggests that the Wesupply evolution was advertised in February 2021.
The study reveals that Westeal was designed to basically take Bitcoin (BTC) and the cryptocurrency ethereum (ETH) going into or out of the victim's wallet via their clipboard.
Moreover, people who acquire the malicious app get access to a web-based panel to handle all the operations which includes a "victim tracker panel."
One aspect that is causing concern of Palo Alto Networks is the fact that Westeal is believed to be immune to antivirus software that is a major world market onion component.
The malware is based on subscription-based models, and "Complexcodes," the anon developer of the application earns its money by charging 20 euros ($24) monthly fifty euros ($60) over three consecutive months and 125 euros ($150) each year.
The Malware Is a 'Shameless' Crypto Stealer, Researchers Say
The cybersecurity firm gives more information on the malware:
"In in order to "steal" cryptocurrency from a victim, Westeal uses regular expressions to look for strings matching the patterns of bitcoin and ethereum wallet identifiers being copied to the clipboard. When it matches these, it replaces the copied wallet ID in the clipboard with one supplied by the malware. The victim then pastes the substituted wallet ID for a transaction, and the funds are sent instead to the substitute wallet."
Still, Palo Alto Networks qualifies Westeal as a "shameless" malware:
"Westeal is a shameless piece of commodity malware with a single, illicit function. Its simplicity is matched by a likely simple effectiveness in the theft of cryptocurrency. The low-sophistication actors who purchase and deploy this malware are thieves, no less so than street pickpockets. Their crimes are as real as their victims. The fast and simple monetization chain and anonymity of cryptocurrency theft, together with the low cost and simplicity of operation, will undoubtedly make this type of crimeware attractive and popular to less-skilled thieves."
