Saturday, June 22, 2024

New Spritecoin Ransomware Steals Browser Passwords & Asks Monero Instead of Bitcoin to Decrypt the Files

A New Spritecoin Ransomware Discovered which is Demanding the Monero Crypto Currency to Decrypt the victim’s files instead of traditional and widely using Ransomware payment Cryptocurrency Bitcoin.

A Monero Cryptocurrency has been created in 2014, the current price is $316 USD and it’s widely getting popular in cryptocurrency world.

Spritecoin Ransomware also Pretending as a cryptocurrency-related password store along with Monero payment and mimics as a spritecoin Cryptocurrency wallet.

It asks the user to create a desired password to connect with Blockchain but it doesn’t make any connection and it silently Encrypt the victim’s file.

Once all the victim’s file will be encrypted, it demands the ransom asks to pay via Monero cryptocurrency to decrypt the file.

Spritecoin Ransomware also spying to steal the Chrome stored credentials and once it finds no information then it moves ahead and checks the Firefox credentials and it is using SQLite to store the credentials that have been harvested from the browsers.

Also Read:  Ransomware Attack Response and Mitigation Checklist

How Does Spritecoin Ransomware Works

It mainly targeting users who all are interesting in cryptocurrency via forum spam and aslo it using social engineering techniques, without user interaction via exploits.

Some time it arrived via exploit kits, malicious crafted Excel/Word/PDF macros, or JavaScript downloaders.

Attacker manly using some professonal social engineering techniques via crafted malicious email and trick users to click on it.So Spritecoin Ransomware needs some user interaction to successfully exploit Its payload.

According to Fortinet, Initially, it arrives “SpriteCoin” package (spritecoind[.]exe) and mimics as Spritecoin crypto-currency wallet, that is actually not a cryptocurrency wallet, it was created and spread for this attack.

Once the Ransomware successfully executed, its prompt used into a page where users urged to “Enter your desired wallet password”

Once password enter, another window shows the user that, it connected into Blockchain. but it is actually a process of the encryption process of users file.

This ransomware using onion proxy for victims to communicate with an attacker.This proxy allows the victim to communicate with the attacker’s website without the need for a TOR connection.

Once the encryption process will be done, its demand  0.3 Monero – which is equivalent to $105 USD. also it generates ransom note that says “Your files are encrypted”.

Also, it transferred the harvested credentials to a remote website. aslo another twist is, if the user trying to pay the ransomware it downloads another payload.


Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles