![]() With many crypto-related communities moving to Discord to share information, the platform has become a major target for scammers and now hackers looking to take advantage of the communities. ![]() Naturally, this growing trend in the crypto space has opened up a new vector for threat actors to exploit.” Discord Abused In recent years, NFTs have exploded in popularity, and are now starting to enter the mainstream consciousness. For those who are not familiar with NFTs (Non-fungible tokens): the term refers to unique tokens that provide proof of ownership on data that is stored on the blockchain technology. It is precisely for this reason, as well as the fact that NFTs are rising in popularity, that we have decided to take a look at this particular campaign distribution in more detail. However, many of the recent infections we have seen appear to be related to a sophisticated campaign that exclusively targets the Crypto, NFT, and DeFi communities. “Since May 2021, we have observed several malware distribution campaigns. The latest campaign, which was first detected in May 2021 and seems to primarily target the cryptocurrency and NFT communities. For victims using such security products, infection is highly-likely, according to security researchers.įurther, researchers also noted that crypter has been used to drop secondary malware payloads including information stealers, RATs, and even LockBit ransomware. The crypter used in the scam has been named Babadeda, a Russian language placeholder used by the crypter itself which translates to “Grandma-Grandpa”, and can evade detection by signature-based antivirus products. As such, one input source file never produces an output file that is identical to the output of another source file. Polymorphic crypters use state-of-the-art algorithms that utilize random variables, data, keys, and decoders to create unique encryption routines per file. The threat actor will create a unique stub for encryption, once security software can detect the crypter, a new stub can be created to start the cycle again. Static crypters make use of encryption stub data, simply a stub is a non-executable file used to decrypt the encrypted malware. Crypters broadly come in two forms, static or polymorphic. They are typically used by threat actors to pass off malware as legitimate and non-harmful software applications. Crypter malware can be seen as a specific type of malware that can encrypt, obfuscate, and manipulate malware, to make it harder to detect by security programs. The latest to affect the cryptocurrency and Non-Fungible Token ( NFT) community involves a threat actor targeting enthusiasts on the popular messaging platform Discord.Īccording to an article published by security firm Morphisec, Discord is being used to distribute crypter malware. This section is a school, not a kiosk where you can bargain for these.To say that the cryptocurrency market, now valued at 2.5 trillion USD, has seen its fair share of scams would be an understatement. I am not including any password for the file, no PPD, no begs for replies or PMs. ![]() The stub is also commented to help you get an idea. The source is commented on its most critical parts (compiling, encrypting, structuring the stub). ![]() Some tips might include moving the runpe to an encrypted dll in resources, refactoring the code, replacing methods with alternative ones etc. This source code was written for educational purposes. Various other people for various reasons. Managed resources storage method (CodeDom).I decided to write an example crypter in C# to help people who like C# get an idea of how crypters work. It's been a long time since the last time I've seen a crypter example written in C# that demonstrates various methods.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |