
Kaspersky unveils new malware targeting the financial and cryptocurrency sectors

The new malware that puts the financial and cryptocurrency system at risk: Kaspersky's warning

The cryptocurrency and financial sector is threatened by three new malware families: Zanubis, AsymCrypt and Lumma. Zanubis is an Android banking Trojan that hides behind the appearance of legitimate applications. AsymCrypt is a cryptor/loader aimed at crypto wallets and sold on underground forums. Lumma is a constantly evolving stealer. Strengthening digital security is essential to protect against these threats.


Kaspersky researchers have identified three new malware families, Zanubis, AsymCrypt and Lumma, that pose a threat to the financial and cryptocurrency sector. Their discovery underlines the need to strengthen digital security.

Zanubis: a banking trojan that hides under the guise of legitimate applications

Zanubis is an Android banking Trojan first seen in August 2022. It targets users of financial and cryptocurrency services in Peru, disguising itself as legitimate applications and using social engineering to talk victims into granting it Accessibility permissions, which give it near-complete control of the device. In an evolution observed in April 2023, Zanubis impersonated the official app of the Peruvian tax and customs authority SUNAT (Superintendencia Nacional de Aduanas y de Administración Tributaria), a considerably more convincing lure. The Trojan is protected with Obfuscapk, a popular obfuscation tool for Android APK files, and uses the WebView feature to display a legitimate website, keeping up the appearance of a genuine application while it operates in the background.

AsymCrypt: a tool for targeting crypto wallets

AsymCrypt is a cryptor/loader aimed at crypto wallets and sold on underground forums. It is an evolution of the DoubleFinger loader and acts as a front for a Tor network service. Buyers customise the injection method, the target process, startup persistence and the stub type for the malicious DLL; the payload itself is hidden as an encrypted blob inside a .png image uploaded to an image-hosting site. When the loader runs, it fetches the image, decrypts the blob and activates the payload directly in memory, so the decrypted payload never needs to touch the disk and file-based detection alone is unreliable.
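A practitioner who sees "payload hidden inside a .png" will want a quick triage check for images that carry more than pixels. The following is an added example, not code from Kaspersky or from AsymCrypt: it builds a constructed 1x1 PNG inline, walks the chunk structure, and reports non-standard chunk types, bad CRCs, and data appended after the IEND chunk, plus the Shannon entropy of any trailer (an encrypted blob sits near 8 bits per byte). It is a generic image-stuffing check and does not claim to reproduce AsymCrypt's exact embedding scheme, which the report does not detail.

```python
import math
import struct
import zlib
from collections import Counter

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Chunk types defined by the PNG specification; anything else is worth a look.
STANDARD_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"cHRM", b"gAMA", b"iCCP",
    b"sBIT", b"sRGB", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"hIST", b"pHYs",
    b"sPLT", b"tIME",
}


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: big-endian length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_png(extra_chunks=(), trailer: bytes = b"") -> bytes:
    """Constructed sample: a valid 1x1 black RGB PNG, optionally with extra
    (hypothetical) chunks before IEND and arbitrary bytes appended after it."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit, RGB
    scanline = b"\x00" + b"\x00\x00\x00"                 # filter type 0 + one pixel
    out = PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(scanline))
    for ctype, data in extra_chunks:
        out += _chunk(ctype, data)
    return out + _chunk(b"IEND", b"") + trailer


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def inspect_png(blob: bytes) -> dict:
    """Walk the chunk list and flag what a loader might hide in an image:
    unknown chunk types, chunks whose CRC does not match, and bytes after IEND."""
    if not blob.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    findings = {"chunks": [], "unknown_chunks": [], "bad_crc": [], "truncated": False}
    while pos + 8 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        data = blob[pos + 8:pos + 8 + length]
        crc = blob[pos + 8 + length:pos + 12 + length]
        if len(data) != length or len(crc) != 4:
            findings["truncated"] = True
            break
        name = ctype.decode("latin-1")
        findings["chunks"].append(name)
        if ctype not in STANDARD_CHUNKS:
            findings["unknown_chunks"].append((name, length))
        if struct.unpack(">I", crc)[0] != (zlib.crc32(ctype + data) & 0xFFFFFFFF):
            findings["bad_crc"].append(name)
        pos += 12 + length
        if ctype == b"IEND":
            break
    trailer = blob[pos:]
    findings["trailing_bytes"] = len(trailer)
    findings["trailing_entropy"] = round(shannon_entropy(trailer), 3)
    findings["suspicious"] = bool(
        findings["unknown_chunks"] or findings["bad_crc"] or trailer or findings["truncated"]
    )
    return findings


if __name__ == "__main__":
    # Constructed stand-in for an "encrypted blob": 1024 bytes with a flat byte histogram.
    fake_encrypted_blob = bytes(range(256)) * 4
    print(inspect_png(build_png()))
    print(inspect_png(build_png(extra_chunks=[(b"pYLd", b"\x01\x02\x03")],
                                trailer=fake_encrypted_blob)))
```

On a real sample, feed `inspect_png` the bytes downloaded from the image host; a clean image reports only standard chunks and zero trailing bytes, while a stuffed one shows a private chunk or a high-entropy tail. The check is cheap enough to run on every image fetched by a process that has no business loading images.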

Lumma: an ever-evolving file stealer

Lumma is an evolving stealer family, formerly known as Arkei. It is distributed as a fake .docx-to-.pdf converter: the "converted" file is returned with a double .pdf.exe extension, and the malicious payload runs when the victim opens it. Over time Lumma has kept gaining features while retaining its core capability of stealing cached files, configuration files and logs from cryptocurrency wallets; it can also operate as a browser plugin and supports the Binance application. Newer versions can collect the list of running system processes, change their command-and-control URLs and use improved encryption for their communications.
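The .pdf.exe lure works because file managers hide the last extension and users read the one before it. The following is an added example, not part of the original article and not Lumma's code: a small filename triage function that flags the deceptive patterns a download-monitoring or mail-gateway rule should catch, going slightly beyond the single .pdf.exe case in the text to cover other document-then-executable pairs, whitespace padding that pushes the real extension out of view, and Unicode bidi override characters that reverse the displayed extension. The extension lists are the author's own reasonable defaults, not a standard.

```python
import re

# Extensions Windows will execute (or that launch code) when double-clicked.
EXECUTABLE_EXTS = {
    "exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "vbe",
    "wsf", "hta", "msi", "lnk", "ps1",
}
# Extensions a victim expects a harmless document or image to carry.
DOCUMENT_EXTS = {
    "pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "rtf",
    "jpg", "jpeg", "png", "zip",
}
# Unicode bidirectional overrides/isolates: "invoice\u202efdp.exe" renders as "invoiceexe.pdf".
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069"}


def analyse_filename(path: str) -> dict:
    """Return what the file really is and why its name is (or is not) deceptive."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]   # works for Windows and POSIX paths
    reasons = []
    if any(ch in BIDI_CONTROLS for ch in name):
        reasons.append("bidi control character in name")
    segments = [s.strip().lower() for s in name.split(".")]
    final_ext = segments[-1] if len(segments) > 1 else ""
    executable = final_ext in EXECUTABLE_EXTS
    if executable:
        # A document-looking extension anywhere before the real one, e.g. report.pdf.exe
        if any(seg in DOCUMENT_EXTS for seg in segments[1:-1]):
            reasons.append(f"document extension before executable .{final_ext}")
        # "scan.docx      .exe": padding hides the final extension in narrow columns
        if re.search(r"\s+\.[^.]+$", name):
            reasons.append("whitespace padding before final extension")
    return {
        "name": name,
        "final_ext": final_ext,
        "executable": executable,
        "deceptive": bool(reasons),
        "reasons": reasons,
    }


def flag_deceptive(paths) -> list:
    """Filter a batch of paths (e.g. from a downloads-folder listing) to the deceptive ones."""
    return [r for r in map(analyse_filename, paths) if r["deceptive"]]


if __name__ == "__main__":
    # Constructed sample listing, not real telemetry.
    sample = [
        r"C:\Users\victim\Downloads\report.pdf.exe",
        "report.pdf",
        "setup.exe",
        "scan.docx      .exe",
        "invoice\u202efdp.exe",
    ]
    for hit in flag_deceptive(sample):
        print(hit["name"], "->", hit["reasons"])
```

Note that a plain `setup.exe` is reported as executable but not deceptive; the point of the rule is the mismatch between what the name advertises and what the OS will run, so it complements, rather than replaces, a check of the actual file header.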


10/03/2023 12:47

Editorial AI
