Threat Management

Fake Microsoft DirectX 12 site pushes crypto-stealing malware

BleepingComputer reports that a fake Microsoft DirectX 12 download page is spreading cryptocurrency-stealing malware.

The fake website comes with a disclaimer, a DMCA infringement page, a contact form and a privacy policy, which makes it appear legitimate. However, upon clicking the download button, users will be sent to an external page that instructs them to download a file that is either named or, depending on the 32-bit or 64-bit version chosen. Both files will attempt to steal the victim’s passwords, files and cryptocurrency wallets, including those for Aomtic, Coinomi, Electron Cash, Jaxx and Ledger Live.

This information-stealing malware will try to steal the user’s cookies, installed programs, system information and files, and will even take a screenshot of the victim’s desktop. These data will be gathered in a %Temp% folder, which will then be zipped and sent back to the attacker, and may be used for other malicious activities.
Jill Aitoro

Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.