WeSteal: A Shameless Cryptocurrency Stealer Sold In The Underground
While some malware authors will try to create an air of legitimacy around their products to cover themselves from potential criminal cases in the future, one developer of a cryptocurrency stealer isn't even trying.
According to Palo Alto Networks, malware authors peddling their creations in underground forums will often pretend their products are for educational or research purposes only -- a limp attempt to create a legal defense, just in case.
However, a developer making the rounds with a new commodity cryptocurrency stealer has been described as "shameless" by the team.
Indeed, the malware -- named WeSteal -- is marketed as the "leading way to make money in 2021."
Cryptocurrency theft malware, WeSupply Crypto Stealer, has been sold online since May 2020 by a developer under the name WeSupply, and another actor, ComplexCodes, started selling WeSteal in mid-February this year.
An investigation into the sellers, thought to be co-conspirators, has also revealed potential ties to the sale of account access for streaming services including Netflix, Disney+, Doordash, and Hulu.
The team believes that WeSteal is an evolution of the WeSupply Crypto Stealer project. Marketing includes "WeSupply -- You profit" and claims that WeSteal is the "world's most advanced crypto stealer."
An advertisement for the malware includes features such as a victim tracker panel, automatic start, antivirus software circumvention, and the claim that the malware leverages zero-day exploits.
"It steals all Bitcoin (BTC) and Ethereum (ETH) coming in and out of a victim's wallet through the clipboard, it also has plenty of features like the GUI/Panel which is just like a RAT [Remote Access Trojan]," the advert reads.
Litecoin, Bitcoin Cash, and Monero have also been added to the cryptocurrency list.
The researcher's analysis of the Python-based malware revealed that the malware scans for strings related to wallet identifiers copied to a victim's clipboard. When these are found, the wallet addresses are replaced with attacker-controlled wallets, which means any transfers of cryptocurrencies end up in the operator's pocket.
While the malware is also described as having RAT capabilities, the researchers are not convinced, believing that WeSteal has something closer to a simple command-and-control (C2) communication structure rather than containing features usually associated with Trojans -- such as keylogging, credential exfiltration, and webcam hijacking.
The WeSteal developers offer C2s as a service and also appear to run some form of customer 'service' -- however, the current user base appears to be small.
"WeSteal is a shameless piece of commodity malware with a single, illicit function," the researchers say. "Its simplicity is matched by a likely simple effectiveness in the theft of cryptocurrency. It's surprising that customers trust their "victims" to the potential control of the malware author, who no doubt could, in turn, usurp them, stealing the victim "bots" or replacing customers' wallets [..] it's also surprising the malware author would risk criminal prosecution for what must surely be a small amount of profit."
A Remote Access Trojan (RAT), WeControl, was also added to the developer's roster after the report was published and awaits further analysis.
Previous and related coverage
- Meet Janeleiro: a new banking Trojan striking company, government targets
- ToxicEye: Trojan abuses Telegram platform to steal your data
- Gaming mods, cheat engines are spreading Trojan malware and planting backdoors
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0
Reassessing AI Investments: What The Correction In US Megacap Tech Stocks Signals
The recent correction in US megacap tech stocks, including giants like Nvidia, Tesla, Meta, and Alphabet, has sent rippl... Read more
AI Hype Meets Reality: Assessing The Impact Of Stock Declines On Future Tech Investments
Recent declines in the stock prices of major tech companies such as Nvidia, Tesla, Meta, and Alphabet have highlighted a... Read more
Technology Sector Fuels U.S. Economic Growth In Q2
The technology sector played a pivotal role in accelerating America's economic growth in the second quarter of 2024.The ... Read more
Tech Start-Ups Advised To Guard Against Foreign Investment Risks
The US National Counterintelligence and Security Center (NCSC) has advised American tech start-ups to be wary of foreign... Read more
Global IT Outage Threatens To Cost Insurers Billions
Largest disruption since 2017’s NotPetya malware attack highlights vulnerabilities.A recent global IT outage has cause... Read more
Global IT Outage Disrupts Airlines, Financial Services, And Media Groups
On Friday morning, a major IT outage caused widespread disruption across various sectors, including airlines, financial ... Read more