Following the spread of Facebook malware and WhatsApp phoney job postings in the United Kingdom, a new threat targeting cryptocurrency users looking for Bitcoin mining software has surfaced on YouTube.
It has been alleged that “PennyWise” crypto-malware has been spreading over the video platform.
The new cryptocurrency malware has been tricking users to download software, which will steal the data from 30 crypto wallets of the user and browser extensions as well!
Not just wallets, this malware has been reportedly targeting cold crypto wallets like – Zcash, Armory, Bytecoin, Jaxx, Exodus, and etc.
According to Cyble in a blog post, the fraudsters are spreading PennyWise as free Bitcoin mining software all around the world. They have so far released over 80 YouTube videos that include a link to download the malware.
Those looking for Bitcoin mining software on YouTube should be extremely cautious of this spyware or they will become victims.
PennyWise has targeted over 30 Chrome-based browsers, as well as over 5 Mozilla, Opera, and Microsoft Edge browsers.
The malware can also grab screenshots and hijack conversation sessions from services such as Telegram and Discord.
The Cyble Blog states: “Pennywise is an emerging stealer which is already making a name for itself. We have witnessed multiple samples of Pennywise out in the wild, indicating that Threat Actors may already be deploying it.”
As per the cyber intelligence company, the malware has not been designed from users in countries like Russia, Ukraine, Belarus and Kazakhstan.
The company states: “This could indicate that the TA is trying to avoid scrutiny by Law Enforcement Agencies in these particular countries.”
How to be safe?
If you are interested in bitcoin, you need be cautious and not click on any link you find on the internet. You should never download pirated software from unfamiliar websites.
You must have a strong password and have it updated at regular intervals to keep it safe from such malicious behaviour.
To improve security, you must implement multi-factor authentication.
Never, ever open unknown links or email authenticity!