Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels.
Threat actors are attempting to exploit the booming market for NFTs and crypto games. Babadeda is able to bypass antivirus solutions. According to the researchers, this crypto-malware was recently employed in several campaigns to deliver information stealers, RATs, and ransomware like LockBit.
Most of the attacks observed by the researchers that targeted crypto communities are based on the Discord platform, threat actors shared download links via Discord channels
“In the campaign that we observed, a threat actor took advantage of these features in order to phish victims. The threat actor sent users a private message inviting them to download a related application that would supposedly grant the user access to new features and/or additional benefits. Because the actor created a Discord bot account on the official company discord channel, they were able to successfully impersonate the channel’s official account.” reads the report published by Morphisec.
In one of the attacks analyzed by Morphisec, threat actor sent decoy messages to potential victims via Discord channels related to games such as Mines of Dalarnia. The messages urge the recipients to download an application. The link included in the message redirects users to a phishing domain that contains a download link for the Babadeda installer.
One of the decoy sites used in this campaign includes an HTML object written in Russian, a circumstance that suggests that the threat actors may have a Russian origin. The list of RATs used by this campaign includes BitRAT and Remcos.
“As demonstrated above, Babadeda is a highly dangerous crypter. Targeting cryptocurrency users through trusted attack vectors gives its distributors a fast-growing selection of potential victims. Once on a victim’s machine, masquerading as a known application with a complex obfuscation also means that anyone relying on signature-based malware effectively has no way of knowing Babadeda is on their machine — or of stopping it from executing.” concludes the report.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, babadeda)
[adrotate banner=”5″]
[adrotate banner=”13″]
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
A cyber attack has been disrupting operations at Synlab Italia, a leading provider of medical…
Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler…
A financially motivated group named GhostR claims the theft of a sensitive database from World-Check…
Researcher demonstrated how to exploit vulnerabilities in the Windows DOS-to-NT path conversion process to achieve…
This website uses cookies.