Microsoft Warns Users To Defend Wallets Against ‘Cryware’

Microsoft coined Cryware on Tuesday, which refers to the theft of virtual currencies through fraudulent transfers to adversary-controlled wallets, while addressing the malware threat that’s focused on stealing cryptocurrencies,

Cryware are information stealers that collect and exfiltrate data directly from non-custodial cryptocurrency wallets, also known as hot wallets.

Berman Enconado and Laurie Kirk of Microsoft 365 Defender Research Team mentioned in the company’s new blog post that “because hot wallets, unlike custodial wallets, are stored locally on a device and provide easier access to cryptographic keys needed to perform transactions, more and more threats are targeting them.”

The blog further reads, “Before cryware, the role of cryptocurrencies in an attack or the attack stage where they figured varied depending on the attacker’s overall intent.”

However, this is not the first time a term has been coined by the cybersecurity community to describe crypto-related threats. In 2017, security researchers coined Cryptojacking to describe malware that privately mines cryptocurrencies.

The emergence of cryptocurrency enabled existing threats to evolve their techniques to target and abuse the system. According to the blog, cryware currently encompasses the following threats:

• Cryptojackers that secretly consume a target’s device to mine cryptocurrency
• Ransomeware that uses cryptocurrencies as ransom payments to dodge detection
• Info-stealer that siphons hot wallet data besides other valuable information stored in the system
• ClipBankers embezzle cryptocurrency during transactions by monitoring the user’s clipboard and replacing the wallet address with a malpractitioner’s address

Microsoft recommends cryptocurrency users stay safe by avoiding storing any private key data for wallets in plain text. Moreover, users must also lock their wallers while not actively trading on the internet and cross-check every data when it comes to transferring funds.