Researchers find Bitcoin sextortion malware also mines Monero – The Next Web

Posted: October 15, 2019 at 7:47 am

Analysts have reportedly discovered the source of the sextortion emails that've plagued the internet since last year, the ones that demand Bitcoin (BTC) or else they'll leak videos of you masturbating to kinky pornography.

Reason Cybersecurity researchers dubbed the malware "Save Yourself," as recipients typically receive the bogus emails from senders like SaveYourself@856.com.

The emails state that dangerous malware has infected the recipient's machine, but Reason found this isn't the case.

Instead, the firm discovered the malware forcing devices to act as blackmail proxies is also secretly mining privacy-focused cryptocurrency Monero, with all funds generated going directly to the attackers.

The firm was clear to point out that receiving the Bitcoin sextortion email doesn't automatically mean infection, just that the recipient's email address has been exposed in a password dump.

Researchers ironically found, however, that many sites offering products to supposedly remove the Save Yourself malware were actually peddling malware.

"It is very possible that the malware author has gathered and combined several viruses and modified them to suit their own needs," said Reason.

To date, analysts found more than 110,000 users have been infected with the Save Yourself malware.

Reason reported that the malware is designed to remain under the user's radar. In particular, Save Yourself only uses 50 percent of the infected machine's CPU to mine Monero, so as not to raise suspicion.

The malware can also reportedly read clipboard data and replace Bitcoin wallet addresses with its own, presumably to redirect cryptocurrency transactions to the attackers.

Save Yourself is also said to compromise any executable found on the target machine to ensure automatic infection any time the user runs such files.

"The desired executable will then run as it should, so the user won't suspect that there's anything wrong," said Reason. "Nor will anything look suspicious when analysing the sample since at first glance, it will look like known software (icon, signature, strings, functionality)."

The firm noted that most anti-virus solutions should detect and clear the malware. As well, major email providers are automatically protecting users against the sextortion emails.

Hard Fork previously reported, though, that the attackers are pivoting, now demanding Litecoin instead of Bitcoin so as to dodge email filters.


Published October 14, 2019 15:12 UTC
