Kaspersky Survey: Cryptotheft Experiences

October 22, 2023

Insights from Kaspersky survey on cryptotheft experiences. Explore the findings and enhance your cryptocurrency security. According to Kaspersky, a security company that offers online and crypto-related services, users of cryptocurrency should be extra vigilant and make use of any extra security measures that are available. This includes backing up their seed phrases and using cold-storage wallets.

Cybercriminals are constantly looking for new ways to exploit unwitting cryptocurrency owners, stealing their coins and phishing them out of their accounts. The number of malicious browser extensions has been growing rapidly, with new variants being introduced twofold every quarter.

Browser extensions

Browser extensions are great for enhancing functionality and boosting productivity, but not all of them are created equal. Unknown extensions can be downright malicious, and their installation often goes unnoticed. For instance, they can generate profit for their creators by secretly clicking on pay-per-click ads or by stealing cryptocurrency. They can also steal user data and hijack their computer.

This sort of behavior is not uncommon, as extensions can be hacked and updated to include malware. This is mostly the case for extension that come from unofficial sources, but even extensions that are sold in official marketplaces can become tainted. For example, malware has been found in extensions that posed as innocuous sticky notes apps and that were installed by users through Chrome Web Store.

As a result, it is important to be picky with the extensions you install. Only download the ones you need and delete the others. It is also a good idea to review permissions for the extensions you do have. If an extension suddenly requests new permissions, it is probably better to uninstall it.

Another risk associated with extensions is that they can slow down your browser’s performance, especially if you have many of them installed. In some cases, the extra memory and resources used by extensions can lead to a sudden drop in PC performance, which is usually indicative of a security problem.

Some of the more malicious extensions are designed to steal crypto from unsuspecting users. For example, a recently-discovered malware sample stole crypto from victims by hijacking their computers, running extensions and then redirecting attempted transactions. It also logged the victim’s operating system, architecture, username and more with Windows Management Instrumentation (WMI).

The malware is called CryptKit, and it has been detected in several extensions for different browsers. The good news is that you can protect yourself from such attacks by installing and running a reputable antivirus solution like Kaspersky KEYPROTECT. This software can detect and neutralize malware in your extensions. Additionally, you can also use additional tools for avoiding cryptotheft, such as backups and cold-storage wallets.

Cryptojacking

Cryptojacking is a type of malware that hijacks victims’ computers to mine cryptocurrency. It does not damage devices or data, but it steals their processing power to mine digital currencies for cybercriminals. While cryptojacking may seem harmless to individual consumers, it can cause serious harm to businesses. Slower computer performance reduces productivity and drives up electricity costs. It can also leave businesses vulnerable to other attacks.

The Kaspersky report found that more than a third of Americans who own cryptocurrency have fallen victim to scams. Those scams include identity theft, loss of payment details and stolen funds from their bank accounts. While some of these scams use well-known tactics such as phishing websites and giveaway scams, others use new methods to target victims. For example, one scam involves PDF files claiming to be legitimate government documents that must be paid for in cryptocurrency.

Criminals typically exploit open source code and public application programming interfaces (API) to infect devices with cryptojacking malware. These tools can be downloaded through websites and apps, and they can also infect computers that have not been updated with the latest security patches.

While most cryptojacking incidents involve browser-based attacks that target Chrome and Firefox, other attacks occur on hosts and mobile devices. A malicious app called Black-T, for instance, infects servers by targeting exposed Docker daemon APIs.

In 2018, researchers discovered a malicious cryptojacking script that ran on the Los Angeles Times website. When users visited the website, the script injected a Javascript that caused their devices to mine Monero. Other examples of cryptojacking include mining software that infects the ad spaces on YouTube videos and stealing computational resources from visitors to online games.

As with phishing and ransomware, the best way to avoid cryptojacking is to install a strong internet security suite and keep your devices up to date. A good web security suite can help prevent cryptojacking by blocking infected sites and preventing unpatched plugins from running. It can also detect suspicious activity and keep track of how much CPU power is being used by each app.

Phishing

Cryptocurrency has become a popular investment option, but despite its popularity, it hasn’t prevented users from falling victim to scams and theft. In fact, a third of people who own crypto have lost their assets in various ways, according to cybersecurity firm Kaspersky. Oftentimes, this happens because of phishing attacks. This type of attack involves impersonating a trusted website or individual and attempting to steal their login credentials.

These hackers can use this information to access victims’ wallets and steal their cryptocurrency. To prevent this from happening, you should never share your passwords, 2-step verification codes or private keys. In addition, you should always check the URL of any links in messages before clicking them. A reputable company would never ask you to provide this type of information in an email.

Phishing can also take many forms, including a fake app or website. For example, bad actors can create a fake app or website that claims to reset your password or help you recover a lost wallet. Once a victim clicks on this link, their account will be accessed by the attacker and their wallet will be stolen. This is known as crypto phishing.

Another type of phishing is called whaling. This is a more targeted attack that targets high-profile individuals like CEOs and CFOs. Malicious actors create a personalized message that impersonates the person and then persuades them to reveal their sensitive information. Whaling attacks are particularly dangerous because they can expose a large amount of money or even sensitive business information.

The best way to avoid cryptotheft is to be careful where you invest your money and only use reputable exchanges. Additionally, you should always check a site’s reputation and look for any red flags. It’s also a good idea to use multi-factor authentication on any accounts that you have, and never share your passwords or security questions with anyone. It’s also important to be careful about what you post on social media, as revealing personal details can give criminals all the information they need to steal your funds. This includes things like pet names, school names, birthdays and family members.

Identity theft

The good news is that crypto thefts can be avoided if people take certain security measures. For example, users should use strong passwords and avoid clicking on links in suspicious emails. They should also install a trustworthy antivirus program on their devices. Moreover, they should keep their private keys on a secure computer and not share them with anyone. Furthermore, they should be careful when buying and selling cryptocurrency. Scammers can manipulate exchanges to steal money from users.

Another way to avoid being victimized is to use multiple devices. This will help them to avoid being locked out of their account if one device gets compromised. In addition, users should always keep their computers up to date and never download pirate files. They should also make sure that their web browsers have the latest security patches. This will protect them against many different attacks including malware, ransomware, and phishing.

People should also beware of scammers who claim to be law enforcement or bank officials. Some of these scams even involve fake security alerts. For example, people have reportedly been told that their bank is investigating a suspicious transaction. This type of scam can result in huge losses and significant stress.

Additionally, consumers should be wary of fraudulent websites and investment scams. Some of these websites and apps have names that sound similar to well-known services. This can lead to people mistakenly entering their personal information into these sites. This could cause them to lose their cryptocurrency or other assets.

Finally, people should be careful of criminals who try to steal their phone number or port it to a different service provider. This is because criminals can use this information to access 2-factor authentication codes and get into their accounts. In addition, they can also intercept text messages and calls to their financial institutions.

According to Kaspersky, the most targeted country in Q3 2022 was Ethiopia, followed by Kazakhstan and Uzbekistan. These countries are known for their illegitimate mining activities, which can result in a large number of cryptocurrencies being stolen. In order to prevent this from happening, users should use a reliable security solution that will detect mining malware and stop it from running on their devices. In addition, they should encrypt their data on all of their devices and use strict cybersecurity policies in their workplaces.

Ammar Fakhruddin

ABOUT AUTHOR

Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.


Preparing Businesses for AI-Powered Security Threats

Preparing Businesses for AI-Powered Security Threats

Preparing businesses for AI-powered security threats. Stay ahead of evolving cybersecurity challenges with proactive strategies and advanced technologies. When AI goes wrong, the repercussions can be devastating. They range from the loss of life if an AI medical...

Reducing CISOs’ Risk with Data Broker Management

Reducing CISOs’ Risk with Data Broker Management

Reducing CISOs' risk with data broker management. Explore strategies to enhance cybersecurity and safeguard sensitive information in the digital landscape. Every time you use a search engine, social media app or website, buy something online or even fill out a survey...

Vulnerability Prediction with Machine Learning

Vulnerability Prediction with Machine Learning

Advance vulnerability prediction with machine learning. Explore how AI can enhance proactive cybersecurity measures to mitigate potential risks. Machine learning is a field devoted to understanding and building methods that let machines “learn” – that is, methods that...

Recent Case Studies

Mid-size US based firm working on hardware development and provisioning, used DevOps-as-a-...
One of the fastest growing providers of wealth management solutions partnered to build a m...
A US based software startup working on the advancements in genomics diagnostics and therap...

Press Releases

News & Events

Solutions

Managed Security Services
Security & Privacy Risk Assessment
Cloud Platform Security
Incident Response & Business Continuity

Penetration Testing

Virtual CISO

Email Security & Phishing

Resources

Blog

About Us