Thursday, May 1, 2025
HomeRansomwareNew Spritecoin Ransomware Steals Browser Passwords & Asks Monero Instead of Bitcoin...

New Spritecoin Ransomware Steals Browser Passwords & Asks Monero Instead of Bitcoin to Decrypt the Files

Published on

SIEM as a Service

Follow Us on Google News

A New Spritecoin Ransomware Discovered which is Demanding the Monero Crypto Currency to Decrypt the victim’s files instead of traditional and widely using Ransomware payment Cryptocurrency Bitcoin.

A Monero Cryptocurrency has been created in 2014, the current price is $316 USD and it’s widely getting popular in cryptocurrency world.

Spritecoin Ransomware also Pretending as a cryptocurrency-related password store along with Monero payment and mimics as a spritecoin Cryptocurrency wallet.

- Advertisement - Google News

It asks the user to create a desired password to connect with Blockchain but it doesn’t make any connection and it silently Encrypt the victim’s file.

Once all the victim’s file will be encrypted, it demands the ransom asks to pay via Monero cryptocurrency to decrypt the file.

Spritecoin Ransomware also spying to steal the Chrome stored credentials and once it finds no information then it moves ahead and checks the Firefox credentials and it is using SQLite to store the credentials that have been harvested from the browsers.

Also Read:  Ransomware Attack Response and Mitigation Checklist

How Does Spritecoin Ransomware Works

It mainly targeting users who all are interesting in cryptocurrency via forum spam and aslo it using social engineering techniques, without user interaction via exploits.

Some time it arrived via exploit kits, malicious crafted Excel/Word/PDF macros, or JavaScript downloaders.

Attacker manly using some professonal social engineering techniques via crafted malicious email and trick users to click on it.So Spritecoin Ransomware needs some user interaction to successfully exploit Its payload.

According to Fortinet, Initially, it arrives “SpriteCoin” package (spritecoind[.]exe) and mimics as Spritecoin crypto-currency wallet, that is actually not a cryptocurrency wallet, it was created and spread for this attack.

Once the Ransomware successfully executed, its prompt used into a page where users urged to “Enter your desired wallet password”

Once password enter, another window shows the user that, it connected into Blockchain. but it is actually a process of the encryption process of users file.

This ransomware using onion proxy for victims to communicate with an attacker.This proxy allows the victim to communicate with the attacker’s website without the need for a TOR connection.

Once the encryption process will be done, its demand  0.3 Monero – which is equivalent to $105 USD. also it generates ransom note that says “Your files are encrypted”.

Also, it transferred the harvested credentials to a remote website. aslo another twist is, if the user trying to pay the ransomware it downloads another payload.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Commvault Confirms Zero-Day Attack Breached Its Azure Cloud Environment

Commvault, a global leader in data protection and information management, has confirmed that a...

FBI Uncovers 42,000 Phishing Domains Tied to LabHost PhaaS Operation

The Federal Bureau of Investigation (FBI) has revealed the existence of 42,000 phishing domains...

Tor Browser 14.5.1 Released with Enhanced Security and New Features

The Tor Project has announced the official release of Tor Browser 14.5.1, introducing a...

Trellix Launches Phishing Simulator to Help Organizations Detect and Prevent Attacks

Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations

Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising...

Researchers Uncovered RansomHub Operation and it’s Relation With Qilin Ransomware

Security researchers have identified significant connections between two major ransomware-as-a-service (RaaS) operations, with evidence...

RansomHub Ransomware Deploys Malware to Breach Corporate Networks

The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging...