News by Xiaomi Miui Hellas

Warning: New botnet variant has snatched $500k worth of cryptocurrency from thousands of victims


Check Point Research (CPR), the research arm of Check Point Software, has spotted a botnet variant that has stolen nearly half a million dollars' worth of cryptocurrency through a technique called "crypto clipping".


The new variant, called Twizt, is a descendant of Phorpiex. It steals cryptocurrency during transactions by automatically replacing the recipient's address with the perpetrator's.

CPR warns cryptocurrency holders to be careful about whom they send money to, as 969 intercepted transactions have been recorded and the count continues. Twizt can operate without active C&C servers, which allows it to bypass security mechanisms.

  • Over a period of 12 months, 3.64 Bitcoin, 55.87 Ether and $55,000 in ERC20 tokens were stolen.
  • In one case, 26 ETH was stolen
  • The majority of the victims live in Ethiopia, Nigeria and India

Check Point Research (CPR) spotted a new variant of Phorpiex, a botnet known for sextortion and cryptojacking. The new variant, called Twizt, runs without active command and control servers, which means that any infected computer can expand the botnet. CPR estimates that Twizt has stolen nearly half a million dollars' worth of coins.




Twizt's new features have led CPR to believe that the botnet can become even more stable and, therefore, more dangerous.

How Twizt works

Twizt uses a technique called "cryptoclipping": the theft of cryptocurrency during transactions by malware that automatically replaces the intended wallet address with the perpetrator's wallet address. As a result, the funds end up in the wrong hands.


The Victims

Over a period of one year, from November 2020 to November 2021, Phorpiex bots hijacked 969 transactions, stealing 3.64 Bitcoin, 55.87 Ether and $55,000 in ERC20 tokens. The value of the stolen assets at current prices is almost half a million US dollars. On several occasions Phorpiex managed to steal large amounts in a single transaction. The largest amount was 26 ETH in one Ethereum transaction.

Comment: Alexander Chailytko, Cyber Security Research & Innovation Manager at Check Point Software:

There are three main dangers of this new Phorpiex variant. First, Twizt uses the peer-to-peer model and is able to receive commands and updates from thousands of other infected machines. A peer-to-peer botnet is more difficult to destroy and shut down.

That makes Twizt more stable than previous versions of Phorpiex bots. Second, like the older versions of Phorpiex, Twizt is able to steal cryptocurrencies without any communication with C&C; therefore, it is easier to bypass security mechanisms, such as firewalls, in order to do damage. Third, Twizt supports more than 30 different cryptocurrency wallets from different blockchains, including the most important ones, such as Bitcoin, Ethereum, Dash, Monero.

This creates a huge range of attack, and virtually anyone using encryption could be affected. I strongly urge all cryptocurrency users to double check the wallet addresses they copy and paste, as they could easily mistakenly send their cryptocurrencies to the wrong hands.




Security tips

  • Check the wallet address. When users copy and paste a crypto wallet address, they should always double check that the original and pasted addresses are the same.
  • Test the transaction. Before sending large amounts of cryptocurrency, users should first send a trial transaction with a minimal amount.
  • Stay up to date. Users should keep the operating system up to date and not download software from unverified sources.
  • Skip the ads. When searching for wallets or cryptocurrency trading platforms, users should always choose the first site in the search results and not the ads. Ads can be misleading, as CPR has found many ads on Google that aim to extract money.
  • Watch the URLs. Users should always double check the URLs!

Press Release

