A new crypto malware uses the Tor network and Bittorrent protocol to infect user computers and mine bitcoin. 

According to a report published by ESET researchers Matthieu Fau and Alexandre Cote Cyr, a new malware dubbed “Krypto Cibule” is infecting user devices to mine cryptocurrency, steal crypto wallet files and redirect incoming digital assets to a hacker address.

The report claims the previously undocumented malware family deploys “multiple techniques” to avoid detection” while making extensive use of the Tor network and BitTorrent protocols in its communication infrastructure. 

The report reads, 

Krypto Cibule is spread through malicious torrents for ZIP files whose contents masquerade as installers for cracked or pirated software and games.

The two researchers claim the malware has accounted for hundreds of attacks in the Czech Republic and Slovakia, with most victims being infected via downloads from the popular torrent site uloz.to.

The report traces the mining portion of the malware back to 2018 and says it is written into XMRig, an open-source program for mining monero (XMR) with CPU.

The Krypto Cibule program also employs “clipboard-hijacking” which monitors a user’s clipboard in order to replace wallet addresses with those controlled by the malware operator. 

As of writing, the hacker wallets have accumulated more than $1,800 in bitcoin and ethereum in misdirected funds.

Featured Image Credit: Photo via Pixabay.com