Analysts of Fortinet, dealing with cybersecurity, found a virus-extortionist masquerading as a crypto-currency purse. In their opinion, SpriteCoin has implemented a new model of online extortion.
During the analysis, we saw signs of the built-in SQLite engine. This makes us assume that the application uses SQLite to store the collected credentials. Initially, a malicious program accesses credentials in Chrome, and if it does not find anything, it will try to access the credential store in Firefox. Then it looks for specific files for encryption. These files are encoded with the extension .encrypted (for example resume.doc.encrypted)
Users install an application that prompts them to set a password and then reports that they are downloading the block file, although they actually encrypt data on the computer. Access to the data is supposed to be obtained for 0.3 Monero, but after payment of the foreclosure, the malicious program continues to attack the victim's computer, compromising it even more.
Recall that, according to the company FireEye, cybercriminals are increasingly directing attacks on holders of bitcoins and crypto-exchange exchanges in the Asia-Pacific region. Group-IB experts also believe that hackers will switch their attention from banks to the crypto-currency market - a successful attack on it brings more money.
Information Source: CNET