Fake Cryptocurrency App Lures Victims Into Installing Ransomware

Cyber researchers at Fortinet have managed to unearth a cryptocurrency app that is actually a ransomware in disguise.
 

The cybersecurity firm, in its report, indicated SpriteCoin app to be a new kind of ransomware technique. It poses as a “sure-to-be-profitable” cryptocurrency, prompts targets into installing it for profits, and encrypts their files. The ransomware asks 0.3 units of Monero (~$100) to counterbalance the attack with a decryption key. But once the targets pay the sum, they further get harassed by receiving more malware attacks.
 

SpiteCoin seems to have an embedded SQLite engine. The revelation has led researchers to believe that the database management system is being used to store harvested credentials. The Fortinet report explains:
 

“The ransomware first looks to harvest Chrome credentials, and if it finds nothing it then moves on and tries to access the Firefox credential store. It then looks for specific files to encrypt. These files are then encrypted with [a] .encrypted file extension.”

 

In simple words, the passwords stored in target’s Chrome or/and FireFox are sent to remote servers, where they are likely to be accessed by the attackers for every wrong purpose.
 

Social Engineering to Lure Targets

SpriteCoin is the one-of-the-first kind of malware attacks which is delivered in the form of a cryptocurrency wallet. The traditional ransomware techniques, on the other hand, rely on phishing websites and emails. But the underlying technique of every ransomware remains the same: social engineering.
 

It is to be noted that every ransomware out there pretends to offer something ridiculously attractive in return for some confidential information/file download. These messages may contain a compelling story and context – a cliffhanger – to make you either click on the attached links or files. It is always recommended to follow a think-first-act-later policy.
 

Bitcoin Losing Steam in Ransomware Department

The SpriteCoin ransomware also proves reports indicating the hackers’ depreciating interest in demanding payments labeled in Bitcoin. Just recently, a California-based enterprise cybersecurity firm noted a steep 73% decline in the Bitcoin ransomware demands. Synchronically, it was assumed that hackers will choose a local fiat or an alternative cryptocurrency over the Nakamoto’s brainchild.

...

Source