The plans of the security researcher with the Twitter username 0xffff0800 to spend a relaxing movie night at home did not turn out as expected: after downloading a movie from a torrent uploaded to The Pirate Bay, he found a new (and interesting) type of malware that almost infected his computer.
The film downloaded by the expert was a copy of “The Girl in the Spider’s Web”, a film with, ironically, a hacker theme. Instead of containing the movie, the folder had a file with the name of the movie and a .lnk extension which, upon being opened, executed a malicious command that deployed an ad-injector targeting various search engines such as Google and Yandex (a very popular search portal in Russia and surrounding countries).
After detecting the threat, 0xffff0800 shared his finding on social networks and uploaded a sample of the file for fellow researchers to analyze. Apparently, one of this expert's hobbies is “collecting” malware.
People at Bleeping Computer took a closer look at the archive, and their findings were more surprising. The malware hid much more than it appeared to the naked eye.
“The malicious activity extends to other web pages, including Google and Yandex search results, and to Wikipedia entries. Another goal is to monitor web pages for Bitcoin and Ethereum wallet addresses and replace them with others belonging to the attacker.”
The main objective of attacking search engines is to manipulate the results so that a series of web pages carrying “injected” ads appear in the top positions.
However, the attackers were not only looking to make money from ads. The group who programmed the malware also coded it so that, if the victim visited Wikipedia, the malware would insert a fake donation button showing a Bitcoin and an Ethereum wallet address for those willing to contribute to the encyclopedia. According to Bleeping Computer, the attackers had raised nearly $700 worth of cryptocurrency this way.
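The two behaviours described above, a shortcut file posing as the movie and wallet addresses on a page being swapped for the attacker's, can both be checked for from the defender's side. The following script is an added example for this article, not code from the researcher or from Bleeping Computer: it flags .lnk files sitting in a download folder (confirming the Shell Link header so a renamed file is not mistaken for a shortcut) and reports any wallet address on a page that is not in the site's own published set. The sample folder, the page text and the “known” addresses are all constructed here for illustration.

```python
"""Defender-side triage for a downloaded torrent folder and a fetched page.

Added example for this article; not the malware's code nor the researcher's.
All file names, page text and reference addresses below are constructed."""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# A Windows Shell Link (.lnk) file starts with HeaderSize 0x4C followed by the
# fixed LinkCLSID 00021401-0000-0000-C000-000000000046 (little-endian layout).
LNK_MAGIC = bytes.fromhex("4c000000")
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# Loose patterns for legacy/bech32 Bitcoin and hex Ethereum addresses.
WALLET_RE = re.compile(
    r"\b(?:bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34}|0x[0-9a-fA-F]{40})\b"
)


def is_shell_link(path: Path) -> bool:
    """True if the file really carries the Shell Link header, whatever its name."""
    with open(path, "rb") as fh:
        head = fh.read(20)
    return head[:4] == LNK_MAGIC and head[4:20] == LNK_CLSID


def suspicious_shortcuts(folder: Path) -> list[str]:
    """Names of genuine .lnk files in a folder that should only hold media.

    A shortcut named after the movie is exactly the lure described in the
    article: opening it runs a command instead of playing a video."""
    return sorted(
        p.name
        for p in folder.iterdir()
        if p.suffix.lower() == ".lnk" and is_shell_link(p)
    )


def foreign_wallets(page_text: str, known: set[str]) -> list[str]:
    """Wallet addresses present on a page that are not in the site's own set.

    An address the site never published, appearing where a donation link
    should be, is the symptom of an in-browser rewrite."""
    return sorted({a for a in WALLET_RE.findall(page_text) if a not in known})


def demo() -> tuple[list[str], list[str]]:
    """Build a constructed download folder and page, then run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        # constructed: a shortcut carrying a valid Shell Link header, named
        # after the film, plus a harmless text file as a decoy
        lure = folder / "The.Girl.in.the.Spiders.Web.lnk"
        lure.write_bytes(LNK_MAGIC + LNK_CLSID + b"\x00" * 60)
        (folder / "README.txt").write_text("constructed decoy\n")
        shortcuts = suspicious_shortcuts(folder)

    # constructed: the address a site is assumed to publish, and a page where
    # two extra addresses (one Bitcoin, one Ethereum) have been injected
    known = {"1AbcDeFgHiJkMnPqRsTuVwXyZ23456789a"}
    page = (
        "Donate: 1AbcDeFgHiJkMnPqRsTuVwXyZ23456789a "
        "or 3FakeAddrFakeAddrFakeAddrFakeAddr "
        "or 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef"
    )
    swapped = foreign_wallets(page, known)
    return shortcuts, swapped


if __name__ == "__main__":
    found_lnk, found_wallets = demo()
    print("shortcuts posing as media:", found_lnk)
    print("addresses not published by the site:", found_wallets)
```

The header check matters because a file can be renamed in either direction; comparing the first 20 bytes against the Shell Link magic and CLSID is cheap and does not require parsing the rest of the structure. The wallet check only detects substitution when a trusted reference set exists, so in practice the “known” addresses would come from an out-of-band source rather than from the same page.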
The use of malware is not new to the blockchain industry. Over the past year there has been a boom in the use of such tools to earn money via stealth crypto mining; Monero (XMR) was the main blockchain used for this practice back in 2017 and 2018.