A scammer has allegedly been targeting Dogecoin users with credential-stealing malware, according to a recent report by the cybersecurity company Dr. Web.
The Russia-based security firm reported that its investigation into the scammer's activities found the use of various “commercial Trojans” that are mostly sold on underground internet forums on the dark web.
Reaping Where You Did Not Sow
Identified by the handles Investimer, Mmpower, or Hyipblock, the fraudster was found to be reaping where he did not sow with the help of Trojans such as “Eredel, AZORult, kpot, kratos, N0F1L3, ACRUX, Predator The Thief, Arkei, and Pony,” noted Dr. Web.
The security researchers found that the scammer has been using DarkVNC, described as “a TeamViewer-based Spy-Agent backdoor,” as well as HVNC backdoors, to gain access to Dogecoin users’ personal computers.
Numerous Backdoor Programs Utilized
To gain access to users’ personal computers, the attacker also relied on the Virtual Network Computing (VNC) protocol, a simple, lightweight protocol that gives remote access to graphical user interfaces (GUIs), such as the desktop of the Windows operating system.
The scammer also used backdoors “based on RMS” and “widely applied the Smoke Loader.” As described by the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), Smoke Loader is “a small app used to download other malware. It is commonly circulated through spam operations and exploit kits. The Trojan also dodges detection by modifying the timestamp of its implementation to bar the malware from being located by searching recently installed files.”
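The timestamp trick NJCCIC describes works because a “what was installed recently” search trusts the file's own creation time. The following is an added example, not code from the article, Dr. Web, or NJCCIC, showing how a triage script can rank files whose timestamps look manipulated. It works on a constructed file listing rather than a real volume, and the two indicators it uses (fractional seconds of exactly zero on both timestamps, and a modified time earlier than the creation time) are heuristics: both also occur legitimately, for example on copied files or FAT volumes, so the output is a review queue, not proof of tampering.

```python
"""Rank files whose timestamps look backdated (constructed example, not
the article's or any vendor's code).

A naive "recently installed" search keeps only files created after a
cut-off. A loader that rewrites its own timestamp to an old date drops
out of that result set. This script lists such files that nevertheless
show cheap tampering indicators so an analyst can look at them.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass
class FileRecord:
    path: str
    created: datetime
    modified: datetime


def timestamp_indicators(rec: FileRecord) -> List[str]:
    """Return the list of heuristic reasons a record looks manipulated."""
    reasons = []
    # Many timestomping tools write whole-second values; the OS normally
    # fills in a sub-second component. Legitimate files can have zero
    # fractional seconds too (FAT volumes, some archivers), hence heuristic.
    if rec.created.microsecond == 0 and rec.modified.microsecond == 0:
        reasons.append("zero fractional seconds on both timestamps")
    # A file cannot be modified before it exists unless a timestamp was
    # rewritten or preserved across a copy (the common benign cause).
    if rec.modified < rec.created:
        reasons.append("modified time earlier than creation time")
    return reasons


def recently_installed(records: List[FileRecord], since: datetime) -> List[str]:
    """What the naive search returns: paths created at or after `since`."""
    return [r.path for r in records if r.created >= since]


def triage(records: List[FileRecord], since: datetime) -> Dict[str, List[str]]:
    """Map path -> indicators for files the naive search misses but that
    carry at least one tampering indicator."""
    recent = set(recently_installed(records, since))
    flagged: Dict[str, List[str]] = {}
    for rec in records:
        if rec.path in recent:
            continue
        reasons = timestamp_indicators(rec)
        if reasons:
            flagged[rec.path] = reasons
    return flagged


# Constructed sample listing; the paths and times are invented.
NOW = datetime(2019, 3, 1, 12, 0, 0)
SINCE = NOW - timedelta(days=1)
SAMPLE_RECORDS = [
    # Genuinely new download: caught by the naive search, nothing to add.
    FileRecord(r"C:\Users\alice\Downloads\wallet-update.exe",
               datetime(2019, 3, 1, 11, 0, 0, 123456),
               datetime(2019, 3, 1, 11, 0, 0, 123456)),
    # Old, normal file: fractional seconds present, modified after created.
    FileRecord(r"C:\Program Files\Editor\editor.exe",
               datetime(2017, 9, 12, 8, 30, 0, 412345),
               datetime(2018, 1, 1, 9, 15, 0, 998877)),
    # Dropper that rewrote its timestamps to a whole-second date in 2016:
    # invisible to the naive search, flagged by the zero-fraction check.
    FileRecord(r"C:\ProgramData\svchost_update.exe",
               datetime(2016, 1, 1, 0, 0, 0),
               datetime(2016, 1, 1, 0, 0, 0)),
    # Document copied from elsewhere: benign cause of modified < created,
    # included to show the heuristic's false-positive mode.
    FileRecord(r"C:\Users\alice\Documents\report.pdf",
               datetime(2019, 2, 20, 10, 0, 0, 331200),
               datetime(2018, 6, 5, 16, 45, 0, 882100)),
]

if __name__ == "__main__":
    print("naive recent-files search:", recently_installed(SAMPLE_RECORDS, SINCE))
    for path, reasons in triage(SAMPLE_RECORDS, SINCE).items():
        print(f"review: {path}: {', '.join(reasons)}")
```

Run against a real listing, the same two functions would take records pulled from a file-system walk or an MFT export; the point of the example is that the backdated loader only surfaces once the search stops trusting the creation time alone.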
Dr. Web further stated that the attacker used another loader created by Danij, as well as a Trojan miner that contains a built-in “clipper” for altering victims’ clipboard contents. To carry out the attacks, Investimer “hosts the control servers” on platforms like jino.ru, host life, and morosnet.ru.
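A clipper waits for a cryptocurrency address to land on the clipboard and replaces it with the attacker's, so the only reliable user-side defence is to verify the pasted address against the one that was copied, and to check that what is pasted is a well-formed address at all. The following is an added example, not code from the article or from Dr. Web, that does both for Dogecoin addresses. It assumes the standard Base58Check encoding with a double-SHA-256 checksum and the Dogecoin version bytes 0x1E (pay-to-pubkey-hash, addresses starting with “D”) and 0x16 (pay-to-script-hash, addresses starting with “9” or “A”); the 20-byte payloads used as sample input are constructed, not real wallets.

```python
"""Detect a clipboard address swap (constructed example, not the
article's or any vendor's code).

A wallet or payment form can remember the address the user copied and,
before sending, compare it to what is about to be pasted. If the two
differ, either the user copied something else or a clipper rewrote the
clipboard. Checksum validation catches garbage pastes separately.
"""
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
DOGE_P2PKH = 0x1E  # standard Dogecoin version byte; addresses start with 'D'
DOGE_P2SH = 0x16   # standard Dogecoin script-hash version byte; '9' or 'A'


def b58encode(raw: bytes) -> str:
    """Base58 encode, preserving leading zero bytes as leading '1's."""
    n = int.from_bytes(raw, "big")
    out = ""
    while n > 0:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(text: str) -> bytes:
    """Inverse of b58encode; raises ValueError on characters outside the alphabet."""
    n = 0
    for ch in text:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def _checksum(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]


def base58check_encode(version: int, payload20: bytes) -> str:
    """Build an address from a version byte and a 20-byte hash."""
    data = bytes([version]) + payload20
    return b58encode(data + _checksum(data))


def is_valid_doge_address(addr: str) -> bool:
    """True if addr decodes to 25 bytes, passes the checksum, and carries
    a Dogecoin version byte."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25:
        return False
    data, checksum = raw[:21], raw[21:]
    if _checksum(data) != checksum:
        return False
    return data[0] in (DOGE_P2PKH, DOGE_P2SH)


def check_paste(copied: str, pasted: str) -> str:
    """Classify what arrived in the paste relative to what the user copied."""
    if pasted == copied:
        return "ok"
    if not is_valid_doge_address(pasted):
        return "pasted text is not a valid Dogecoin address"
    # A well-formed but different address is exactly what a clipper produces.
    return "address changed between copy and paste"


# Constructed sample addresses built from dummy 20-byte payloads.
USER_ADDRESS = base58check_encode(DOGE_P2PKH, bytes(20))
SWAPPED_ADDRESS = base58check_encode(DOGE_P2PKH, bytes([1]) * 20)

if __name__ == "__main__":
    print(USER_ADDRESS, is_valid_doge_address(USER_ADDRESS))
    print(check_paste(USER_ADDRESS, USER_ADDRESS))
    print(check_paste(USER_ADDRESS, SWAPPED_ADDRESS))
```

The comparison has to happen at the moment of use, not when the address is first copied, because the clipper rewrites the clipboard after the copy; the checksum check alone would not catch it, since the attacker's substitute address is itself valid.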