Crypto-Stealing Virus Found in Torrented Movie File, Targeting Windows

Colin Muller

A bundle of malware hidden in a fake copy of a torrented movie falsifies browser search results and, where it can, redirects cryptocurrency payments to the attackers, reports the security website Bleepingcomputer.com.

The malware, found in a fake copy of the movie The Girl in the Spider’s Web (garnering a 40% on Rotten Tomatoes), targets the Windows operating system only. Extensive as it is, it can only catch careless clickers: the malicious file is not a media file at all but a Windows .LNK shortcut, which runs the command embedded in it when double-clicked. Windows Explorer hides the .lnk extension even when extension hiding is turned off, so the fake “movie” only betrays itself through its file type and the shortcut overlay on its icon. Bleepingcomputer cited security experts in saying that “weaponized .LNK files are common in pirated content.”


The payload does several things. One component hijacks both Chrome and Firefox, installing the browser extensions it needs, and uses them to inject fake ads and search results into Google and Yandex. It redirects searches for terms like “spyware” to custom, fake anti-spyware software that is in fact yet more malware.

Wikipedia is also targeted: when the user visits the site, a fake donation box presenting bitcoin and ether addresses is injected into the page (neither address appears to have collected much coin).

The malware also goes after cryptocurrency directly, by scanning the pages the user visits for crypto addresses and replacing them with the attackers’ own. A user who does not notice anything wrong could then simply copy the wrong address into a transaction. To protect against this, always double-check the address you are sending to against a source the infected browser cannot rewrite, such as the address shown on a hardware wallet’s own display or one received over a separate channel, before broadcasting the transaction.

Security in General

CryptoGlobe recently reported on the persisting vulnerability of South Korean exchanges, despite their passing government-led security audits. Another report from ICORating, released only a week ago, claimed that a mere 16% of the top 135 cryptoasset exchanges got top marks on security. The majority of exchanges, the report found, had significant security oversights, including some big ones like Binance.

The overall trend in cryptocurrency-related security is that so-called “cryptojacking” - hijacking an unwitting user’s computer and using it to surreptitiously mine cryptocurrency (usually Monero) - is on the wane, while extortion attacks on public and private organizations - the style of attack known as “ransomware” - are on the rise.

Businesses and other entities are often targeted by ransomware attacks by having their vital data encrypted, with attackers demanding cryptocurrency payments for the decryption keys.

OneCoin Denies Being a ‘Hybrid Ponzi-Pyramid Scheme’

The controversial OneCoin organization has recently responded to the Central Bank of Samoa, claiming it isn’t a “hybrid ponzi-pyramid scheme” as it doesn’t fit the definition of these schemes, and that it is instead a centralized, closed cryptocurrency.

According to the Samoa Observer, the Central Bank of Samoa claimed OneCoin is a “hybrid ponzi-pyramid scheme” that “laundered money through New Zealand to Samoa.” It also claimed the organization was targeting local residents through churches.

The organization, widely believed to be running a pyramid scheme using the cryptocurrency space, sent a statement to the Observer defending itself, claiming it’s neither a pyramid nor a Ponzi scheme. It’s worth noting individuals associated with OneCoin have been arrested and charged in various countries, including China and India.

In its response, OneCoin argued that in Ponzi schemes the returns of earlier investors are “generated through the investment of new investors,” and that it doesn’t require its agents, known as Independent Marketing Associates (IMAs), to recruit others in order to earn bonuses.

Its defense revolves around IMAs not being “obliged to incur any additional expenses or recruit a new IMA,” and that they are rewarded for the “value of [their] sales,” not for recruiting new agents.

The organization added that pyramid-scheme regulations exist for “consumer protection,” and that its IMAs aren’t consumers, since on joining the organization they sign a contract classifying them as “self-employed business owners.”

The users which are part of the OneLife Network are NOT consumers. They are IMAs, meaning they are self-employed business owners.

As CoinDesk notes, OneCoin argues it isn’t a pyramid scheme because its agents aren’t seen as consumers and, as such, it can’t be classified under a dictionary definition of a pyramid scheme, and doesn’t force its IMAs to recruit new agents, although they’re incentivized to do so.

OneCoin instead argues it is a “centralized, closed cryptocurrency” with strict anti-money laundering (AML) and know-your-customer (KYC) rules, which make it “much more compliant than decentralized [cryptocurrencies].”

As reported, OneCoin’s leaders Ruja Ignatova and Konstantin Ignatov were recently indicted by the U.S. Attorney for the Southern District of New York (SDNY) on charges of wire fraud, securities fraud, and money laundering. Konstantin was arrested in March of this year.

Moreover, earlier this month former OneCoin investor Christine Grablis filed a lawsuit against the organization’s promoters, with Grablis’ attorney claiming OneCoin’s founders “created a multi-billion dollar ‘cryptocurrency’ company based completely on lies and deceit.”