Twitter Memes: The most deceptive way of infecting your devices with cryptostealers
If you have been around digital currencies for a bit, you probably know that in terms of security the only thing you can say with certainty is the next vulnerability will be an unexpected one.
We had Trezor hardware wallets hacked by a teenager through a “trivial bug”.
Ledger Wallet went through something similar a few times, not even mentioning all the campaigns targeting Exodus or Jaxx.
We also had an (apparently exploited) vulnerability in Electrum wallet, which passed unnoticed for way too many years.
Devices Separated for Activities
Because of this aspect of security, it became the best practice to separate your devices: For your convenience you can safely keep having your day-to-day wallet on your normal laptop as long as you don’t access notorious sites like streaming that have malicious ads, and as long as you are careful about what you are clicking at in your emails. For whatever downloading or streaming you want to do you can simply have an old phone that is good for nothing anyway and can act like your burner.
But What Is Safe?
The problem is the definition of “safe activities” for your day-to-day device keeps narrowing. We know it is not safe to have installed TeamViewer or similar remote control software. We know there might be another bug in Telegram.
The campaign reported recently at TrendMicro takes it to a whole new level though: A malicious script distributes via Twitter memes.
The malicious part is embedded in the image via an old technique called steganography that we mentioned in an older security post as a method about hiding secret text phrases like perhaps parts or your seed. Uploading the enriched picture to social networks doesn’t necessarily strip off the embedded information.
In the case of the malicious memes, you download the image which activates the script inside it. This particular edition acts only as a communication tool, it grabs screens of your active windows, looks for a particular malware you got from somewhere else and perhaps downloads other malicious memes (you wouldn’t notice, would you?).
If it works, it will be reused
The way the business of malware works in 2018 though is you test the waters with something low-key and if it kind of works, you add stuff like Monero miners and scanning for cryptocurrency wallets. These building blocks are available commercially for cheap and especially with the illicit mining (cryptojacking) provide quite a reliable source of long-term income.
Either way: The distribution model relies on users downloading the good memes onto their computer. Now that you’re wiser you can simply screenshot them instead to be on the safe side.