Researchers Spot New Cryptocurrency Stealing Malware Advertised Under a Subscription Model
A cryptocurrency-related malware program has been advertised on world market darknet forums as the “leading way to make money in 2021,” raising alarms among the cybersecurity community. Palo Alto Networks published a report on the malicious app Westeal that outlines the program’s connection to other kinds of malware that steals major streaming services accounts.
Westeal Claims to Be Immune Against Major Antivirus Software
According to the security firm that handles cybersecurity, “Westeal” is an improvement of “Wesupply Crypto Stealer,” another malicious crypto software which has been available from May to the end of 2020. Findings suggest that Wesupply’s evolution was advertised in February 2021.
The study points out that Westeal was created to take Bitcoin (BTC) and ethereum (ETH) being taken in or out of the wallets of victims by using their clipboard.
Furthermore, those who download the malicious application gain access to a web panel that handles all operations that are required, including the “victim tracker panel.”
One aspect that is causing concern from Palo Alto Networks is the fact that Westeal appears to be immune to antivirus software that is a major component.
The malware runs on subscription-based models, and “Complexcodes,” the anon developer of the application earns money by charging 20 euros ($24) monthly and 50 euro ($60) for three months and the 125 euros ($150) per year.
The Malware Is a ‘Shameless’ Crypto Stealer, Researchers Say
The cybersecurity firm offers more details on the threat:
“In order to “steal” cryptocurrency from a victim, Westeal uses regular expressions to look for strings matching the patterns of bitcoin and ethereum wallet identifiers being copied to the clipboard. When it matches these, it replaces the copied wallet ID in the clipboard with one supplied by the malware. The victim then pastes the substituted wallet ID for a transaction, and the funds are sent instead to the substitute wallet.”
Still, Palo Alto Networks qualifies Westeal as a “shameless” malware:
“Westeal is a shameless piece of commodity malware with a single, illicit function. Its simplicity is matched by a likely simple effectiveness in the theft of cryptocurrency. The low-sophistication actors who purchase and deploy this malware are thieves, no less so than street pickpockets. Their crimes are as real as their victims. The fast and simple monetization chain and anonymity of cryptocurrency theft, together with the low cost and simplicity of operation, will undoubtedly make this type of crimeware attractive and popular to less-skilled thieves.”