What is cryware?

Cryware is an information stealer, a type of Trojan that collects and exfiltrates data from non-custodial cryptocurrency wallets, which are also known as hot wallets.

What is a crypto wallet?

A crypto wallet is an app that allows cryptocurrency users to store and retrieve their digital assets. As with conventional currency, you don’t need a wallet to spend your cash, but it certainly helps to keep it all in one place. When a user acquires cryptocurrency, such as bitcoin, they can store it in a cryptocurrency wallet and from there use it to make transactions.

Nowadays cybercriminals are using different techniques to get hold of users’ crypto wallets, and researchers at Microsoft are observing a new threat referred to as cryware. Cryware is an information stealer, a type of Trojan that collects data from non-custodial cryptocurrency wallets, also known as hot wallets. In custodial wallets, users store their private keys (the equivalent of a password) with a third party such as a crypto exchange. Hot wallets, by contrast, are stored locally on the user’s own device, which gives easier access to the cryptographic keys needed to perform transactions.

According to Microsoft, attackers who gain access to hot wallet data can use it to quickly transfer the target’s cryptocurrency to their own wallets. Such theft is irreversible: blockchain transactions are final even if they were made without a user’s consent or knowledge. “Unlike credit cards and other financial transactions, there are currently no available mechanisms that may help reverse fraudulent cryptocurrency transactions or protect users from such,” Microsoft said in a blog post.

Cryware can therefore cause a severe financial impact, because transactions can’t be changed once they’re added to the blockchain. For instance, in 2021, a user posted about how they lost $78,000 worth of Ethereum after storing their wallet seed phrase in an insecure location. An attacker likely gained access to the target’s device and installed cryware that discovered the sensitive data. Once this data was compromised, the attacker emptied the targeted wallet.

The increasing popularity of cryptocurrency has also led to the emergence of cryware like Mars Stealer and RedLine Stealer. These threats aim to steal cryptocurrencies through wallet data theft, clipboard manipulation, phishing, scams, or even misleading smart contracts.

As cryptocurrency investing continues to become mainstream, users should be aware of the different ways attackers attempt to compromise hot wallets. Here’s what Microsoft suggests:

  • Users should lock hot wallets when not actively trading. This feature in most wallet applications can prevent attackers from creating transactions without the user’s knowledge.
  • When a user isn’t actively doing a transaction on a decentralised finance (DeFi) platform, a hot wallet’s disconnect feature ensures that the website or app won’t interact with the user’s wallet without their knowledge.
  • Never store seed phrases on the device or cloud storage services. Instead, write them down on paper (or something equivalent) and properly secure them.
  • When copying a wallet address for a transaction, double-check if the value of the address is indeed the one indicated on the wallet.
  • Never share private keys or seed phrases. Under no circumstances will a third party or even the wallet app developers need these types of sensitive information.
  • Use a hardware wallet, and keep it disconnected unless it needs to be actively connected to a device. Hardware wallets store private keys offline.
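The address double-check in the list above can be done by software rather than by eye. The following is an added example, not code from Microsoft or from any wallet: it compares the address actually on the clipboard with the one shown in the wallet UI, reports where they differ, and verifies the Bitcoin-style Base58Check checksum so a corrupted or truncated paste is also caught. The sample addresses are the well-known Bitcoin genesis-block address and a constructed variant with one character altered.

```python
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check_valid(address: str) -> bool:
    """Return True if a Bitcoin-style Base58Check address has a correct checksum."""
    n = 0
    for ch in address:
        if ch not in B58_ALPHABET:  # '0', 'O', 'I' and 'l' are never valid
            return False
        n = n * 58 + B58_ALPHABET.index(ch)
    # Each leading '1' encodes a leading zero byte (the P2PKH version byte is 0x00).
    pad = len(address) - len(address.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    # Checksum is the first four bytes of SHA-256(SHA-256(version || payload)).
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def check_pasted_address(intended: str, pasted: str) -> dict:
    """Compare the address shown in the wallet with the one about to be sent.

    Clipboard manipulation replaces the copied address with the attacker's, so the
    exact-string comparison is the decisive test; the mismatch positions show the
    user where the two differ, and the checksum flag shows whether the pasted
    value is even a well-formed address.
    """
    mismatch = [i for i, (a, b) in enumerate(zip(intended, pasted)) if a != b]
    shorter, longer = sorted((len(intended), len(pasted)))
    mismatch.extend(range(shorter, longer))  # trailing characters only one side has
    return {
        "match": intended == pasted,
        "pasted_checksum_ok": base58check_valid(pasted),
        "mismatch_positions": mismatch,
    }


if __name__ == "__main__":
    INTENDED = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"  # Bitcoin genesis-block address
    SWAPPED = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb"   # constructed: last character altered
    print(check_pasted_address(INTENDED, INTENDED))
    print(check_pasted_address(INTENDED, SWAPPED))
```

A valid checksum on its own proves nothing about ownership, since an attacker-controlled address is also well-formed; only the comparison against the address displayed by the wallet catches a swap.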