New Malware Targets Magic Enthusiasts to Steal Logins

A newly discovered malware, dubbed Trojan.Arcanum, is targeting enthusiasts of tarot, astrology, and other esoteric practices.

Disguised as a legitimate fortune-telling application, this Trojan infiltrates devices to steal sensitive data, manipulate users through social engineering, and even deploy cryptocurrency mining software.

The malware is distributed via websites dedicated to mystical practices, masquerading as a harmless app that offers virtual tarot readings, astrological compatibility checks, and other “magical” features.

Once installed, however, the app connects to a command-and-control (C2) server referred to as the “astral cloud” and activates its payload.

This includes several malicious components:

  • Autolycus.Hermes: A stealer that exfiltrates login credentials, banking details, and personal information.
  • Karma.Miner: A cryptocurrency miner that generates KARMA tokens using the victim’s device resources.
  • Lysander.Scytale: Crypto-malware capable of corrupting user files if mining activities are disrupted.

[Image: How the reading looked on the expert’s table]

Social Engineering Meets Cybercrime

What sets Trojan.Arcanum apart is its use of pseudo-esoteric advice to manipulate victims.

After analyzing the victim’s financial data, the malware sends tailored messages through pop-up notifications.

For instance, if significant funds are detected in a banking app, the malware may prompt the user with a fake prediction encouraging large investments.

This could lead victims to fall for phishing scams disguised as promising business opportunities.

Additionally, Trojan.Arcanum subscribes users to dubious paid services under the guise of esoteric practices, incurring recurring charges.

If users attempt to terminate mining operations or subscriptions, the crypto-malware component wreaks havoc by irreversibly shuffling segments of their files.

A Fabricated Threat or a Warning?

Interestingly, this malware narrative was revealed on April 1st as part of an elaborate fictional scenario created by cybersecurity experts at Kaspersky Lab.

While Trojan.Arcanum itself does not exist, it highlights the potential risks posed by malicious apps leveraging niche interests like magic and fortune-telling to deceive users.

The scenario underscores how cybercriminals could exploit popular themes to distribute Trojans and other malware.

Though Trojan.Arcanum is fictional, the tactics described are grounded in real-world cyber threats.

To safeguard against similar attacks:

  • Use trusted security software to detect and block malware before it compromises your device.
  • Scrutinize app permissions; avoid granting unnecessary access to sensitive data or system functions.
  • Regularly review subscriptions linked to your accounts to identify unauthorized charges promptly.
  • Exercise skepticism toward online claims and avoid downloading apps from unverified sources.

As cybercriminals continue to innovate their methods, even seemingly harmless interests like magic can become vectors for sophisticated attacks.

Staying vigilant and employing robust cybersecurity measures remain critical defenses against such evolving threats.

Aman Mishra

Aman Mishra is a security and privacy reporter covering data breaches, cyber crime, malware, and vulnerabilities.
