
Info-stealing ‘cryware’ targeting cryptocurrency wallets


Microsoft announced Tuesday that its researchers have observed the emergence of a new type of information-stealing malware that collects and exfiltrates data directly from cryptocurrency wallets.

In a blog post, the Microsoft 365 Defender Research Team calls the information-stealing malware “cryware.” It targets “hot wallets,” cryptocurrency wallets that are stored locally on a device and provide easier access to the cryptographic keys needed to perform transactions, the researchers wrote.

Instead of relying on ransomware victims to transfer cryptocurrency manually as a ransom payment, or on cryptojackers to mine it, attackers using cryware can take hot wallet data and quickly transfer the funds to their own wallets.

“Unfortunately for the users, such theft is irreversible: blockchain transactions are final even if they were made without a user’s consent or knowledge,” the researchers wrote. 

Attackers attempt to steal hot wallet data through clipping and switching (monitoring the clipboard for a copied wallet address and silently replacing it with one the attacker controls, so the victim pays the attacker), memory dumping (reading keys or seed phrases out of a running wallet process), phishing and other scams.
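To make clipping and switching concrete, here is an added example (not code from the Microsoft post or from SC Media) that shows both halves of the technique: the substitution logic a clipper applies to clipboard contents, and a simple defender-side check that flags a paste whose address differs from what the user actually copied. The address regexes, the wallet addresses and the `ClipboardMonitor` class are all constructed for this illustration; the addresses are not real.

```python
import re

# Address-shaped regexes (constructed for this example). Clippers use
# similar patterns to recognise a wallet address sitting in the clipboard.
ADDRESS_PATTERNS = {
    "btc": re.compile(r"(?:bc1[ac-hj-np-z02-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

# Constructed, non-real addresses used as sample input.
VICTIM_BTC = "1VictimVictimVictimVictimVictim1234"
VICTIM_ETH = "0x" + "ab" * 20
ATTACKER = {
    "btc": "1AttackerAttackerAttackerAttacker12",
    "eth": "0x" + "cd" * 20,
}


def classify(text):
    """Return the coin type if the whole clipboard string is one address, else None."""
    text = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(text):
            return coin
    return None


def clipper_swap(clipboard_text, attacker_addresses):
    """Attacker side: if the clipboard holds a wallet address, replace it with
    the attacker's address for the same coin; leave anything else untouched so
    the victim does not notice the clipper is running."""
    coin = classify(clipboard_text)
    if coin in attacker_addresses:
        return attacker_addresses[coin]
    return clipboard_text


class ClipboardMonitor:
    """Defender side: remember what the user copied and flag a paste that is a
    different address of the same coin type. This is the programmatic version
    of the advice to re-check the pasted address before sending funds."""

    def __init__(self):
        self.last_copied = None

    def on_copy(self, text):
        # Hook this to the copy event (e.g. a wallet UI's "copy address" button).
        self.last_copied = text.strip()

    def check_paste(self, text):
        text = text.strip()
        if self.last_copied is None or text == self.last_copied:
            return "ok"
        pasted_coin = classify(text)
        if pasted_coin is not None and pasted_coin == classify(self.last_copied):
            return "address swapped"
        return "ok"


if __name__ == "__main__":
    monitor = ClipboardMonitor()
    monitor.on_copy(VICTIM_BTC)
    tampered = clipper_swap(VICTIM_BTC, ATTACKER)   # what the clipper leaves behind
    print(tampered, monitor.check_paste(tampered))   # attacker address, "address swapped"
```

The monitor only catches a swap when the copy event is observed before the clipper rewrites the clipboard; a clipper that also hooks the copy event defeats it, which is why the advice below to verify the full address on the signing device still stands.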

The Microsoft researchers detailed the attack surfaces and offered best practices for securing cryptocurrency transactions, including locking hot wallets when not actively trading and disconnecting sites that are connected to the wallet.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.
