Phishers targeting mainstream interest in crypto

Cybercriminals are exploiting interest in cryptocurrency and non-fungible tokens by incorporating cryptocurrency into the phishing landscape, according to Proofpoint researchers.

Proofpoint Senior Director of Threat Research and Detection Sherrod DeGrippo said the company’s researchers have observed techniques such as credential harvesting, cryptocurrency transfer solicitation like business email compromise, and the use of malware stealers targeting crypto credentials.

“Cybercriminal threats to cryptocurrency are not new; however, as the general public experiences growing adoption of cryptocurrency, people may be more likely to engage with social engineering lures using such themes,” he said.

“Crypto went mainstream with Superbowl ads this year and threat actors have taken note of the opportunity for a quick payday. There is no easier method of financial extraction than the illicit transfer of cryptocurrency.”

Threat actors are targeting master or extended private keys capable of transferring all funds associated with child keys generated from those keys, DeGrippo said.

There are three main categories of phishing campaigns targeting cryptocurrency: credential harvesting, transfer solicitation and commodity stealers that target cryptocurrency values.

Meanwhile, business email compromise campaigns are being adapted to target cryptocurrency credentials, and old information-stealing malware is being updated to check for crypto-specific artefacts. This will typically involve looking for a wallet.dat file which contains public and private keys, transaction history and a user’s wallet address.

Image credit: ©stock.adobe.com/au/nicescene