The newly emerged malware 'AsymCrypt' and the constantly evolving stealer 'Lumma' specifically target crypto wallets. The malware sometimes disguises itself as a .docx to .pdf converter.
Kaspersky experts have discovered a new threat: Cryptor and loader AsymCrypt, which targets crypto wallets and is sold on darknet forums. This is a further developed version of the DoubleFinger loader that claims to lead to a TOR network service. AsymCrypt buyers can customize injection methods, targeting processes, startup persistence, and stub types for malicious DLLs, allowing the payload to be hidden in an encrypted blob within a .png image uploaded to an image hosting website. When executed, the image is decrypted and the payload is activated in memory.
Lumma disguises itself as a .docx to .pdf converter
Kaspersky experts also came across the Lumma stealer, a gradually evolving malware family. Originally known as Arkei, Lumma retains 46 percent of its previous features. Disguised as a .docx to .pdf converter, once uploaded files come back with the double extension .pdf.exe, the stealer triggers the malicious payload.
However, the main functionality of all variants has not changed over time: stealing cached files, configuration files and logs from crypto wallets. The Lumma stealer poses as a browser plugin, but also supports the standalone Binance app. The development of Lumma includes adopting system process lists, changing communication URLs and optimizing encryption techniques.
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/