On May 17, Microsoft Corporation, in an effort to protect hot wallet users from potential attacks, warned of the emergence of a new breed of threat called crywares.
Microsoft coined the term crywares to describe a new breed of malware being developed in response to cryptocurrency’s rising market cap, which peaked at around $3 trillion in 2021.
The number of attacks and threats targeting cryptocurrencies continues to increase as crypto investments spread to a broader audience. Malware is being created and developed to steal crypto assets from unsuspecting investors.
According to Microsoft, crywares target, collect, and exfiltrate data directly from hot wallets, also known as non-custodial cryptocurrency wallets. “Because hot wallets, unlike custodial wallets, are stored locally on a device and provide easier access to cryptographic keys needed to perform transactions, more and more threats are targeting them,” stated Microsoft.
The company described crywares as a shift in how attackers use cryptocurrencies to steal crypto assets. For example, ransomware uses crypto tokens as a payment method, which the victim transfers manually, while cryptojackers install miners on target devices.
Crywares, on the other hand, target crypto wallets to quickly and irrevocably transfer digital assets to the attacker’s wallet. “Unlike credit cards and other financial transactions, there are currently no available mechanisms that could help reverse fraudulent cryptocurrency transactions or protect users from such,” explained Microsoft.
The attack process is automated: attackers can use regular expressions (regexes) to find hot wallet data such as private keys, wallet addresses, and seed phrases, because these follow a pattern of characters or words. This means that crywares can steal hot wallet data by scanning a user’s clipboard for patterns that look like wallet addresses. They can also use memory dumping to steal seed phrases from a browser in plain text.
Additionally, Microsoft advises using security solutions like Microsoft Defender Antivirus to detect and block crywares and many other malicious files.
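Because wallet data follows the recognizable patterns described above, a defender can use the same kind of matching to keep it out of plain-text notes and logs. The redaction filter below is an added example, not code from Microsoft's report; the pattern set, the `redact` function and the sample strings are assumptions constructed for illustration.

```python
import re

# Simplified shape patterns (assumed for this example): they check form only,
# not checksums or wordlists, so a hit means "looks like", not "is".
PATTERNS = {
    "eth_address": r"\b0x[0-9a-fA-F]{40}\b",
    "btc_address": r"\b(?:bc1[ac-hj-np-z02-9]{11,71}|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b",
    "hex_private_key": r"\b(?:0x)?[0-9a-fA-F]{64}\b",
    # 12 or 24 short lowercase words in a row, the shape of a seed phrase
    "seed_phrase": r"\b(?:[a-z]{3,8}\s+){11}(?:(?:[a-z]{3,8}\s+){12})?[a-z]{3,8}\b",
}
# One combined scanner so each span of text is classified exactly once.
SCANNER = re.compile("|".join(f"(?P<{k}>{v})" for k, v in PATTERNS.items()))


def redact(text):
    """Return (redacted_text, kinds_found) for one string."""
    found = []

    def _mask(match):
        found.append(match.lastgroup)
        return f"[REDACTED:{match.lastgroup}]"

    return SCANNER.sub(_mask, text), found


# Constructed sample values: not real keys, addresses or phrases.
SAMPLE_NOTES = [
    "send to 0x" + "ab" * 20 + " before friday",
    "backup key: " + "0f" * 32,
    "wallet words: " + " ".join(["lemon"] * 12),
    "meeting moved to 14:00, room 3",
]

if __name__ == "__main__":
    for line in SAMPLE_NOTES:
        clean, kinds = redact(line)
        print(kinds or "clean", "->", clean)
```

The seed phrase pattern is a heuristic and will occasionally mask ordinary prose, which is an acceptable trade-off for a redaction filter.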