Microsoft Warns of Infostealing Malware ‘Cryware’ Targeting Crypto Wallets

Microsoft is warning of an emerging threat targeting internet-connected cryptocurrency wallets, signaling a shift in how digital coins are used in cyberattacks.

The tech giant has dubbed the new threat “cryware,” with attacks resulting in the irreversible theft of virtual currencies through fraudulent transfers to an adversary-controlled wallet.

“Cryware are information thieves that collect and exfiltrate data directly from non-custodial cryptocurrency wallets, also known as hot wallets,” Berman Enconado and Laurie Kirk of the Microsoft 365 Defender Research Team said in a new report.

“Because hot wallets, unlike custodial wallets, are stored locally on a device and provide easier access to the cryptographic keys needed to complete transactions, more and more threats are targeting them.”

Attacks of this kind are not theoretical. Earlier this year, Kaspersky exposed a financially motivated campaign organized by North Korea-based Lazarus Group, which involved targeting crypto companies with malware designed to drain funds from hot wallets.

Cryware encompasses the following threats –

  • Cryptojackers who surreptitiously consume a target’s device resources to mine cryptocurrency
  • Ransomware campaigns that use cryptocurrency as a ransom payment to avoid detection
  • Information thieves (e.g. Mars Stealer, RedLine Stealer, Arkei, and Raccoon) which are increasingly being upgraded to siphon active wallet data alongside other valuable information stored on the system, and
  • ClipBankers (aka clippers) that steal cryptocurrency during transactions by monitoring the clipboard and replacing the original wallet address with the attacker’s address

These information theft attacks aim to extract hot wallet data such as private keys, seed phrases, and wallet addresses, allowing the threat actor to initiate malicious transactions and transfer funds to another wallet.

Alternatively, cyber criminals have also been observed using techniques such as core dumping to expose private keys in the clear, keylogging to capture keystrokes entered by a victim, or building look-alike wallet websites to trick users into entering their private keys.

To mitigate these threats, Microsoft recommends that users and organizations lock hot wallets when not actively trading, disconnect sites connected to a wallet, avoid storing private keys in the clear, and verify the wallet address when copying and pasting it.
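The ClipBanker behaviour described in the list above (an address-looking string silently replaced on the clipboard) and the copy-and-paste verification recommended here can both be turned into a simple defender-side check. The following Python is an added example, not code from Microsoft or from the report; the address patterns are loose heuristics, the clipboard events are constructed, and the two-second window is an assumed threshold for "changed too fast to be the user".

```python
import re
from dataclasses import dataclass

# Loose address heuristics (assumption: good enough to recognise the two
# most common address shapes; a real monitor would cover more chains).
ADDRESS_PATTERNS = {
    "btc": re.compile(r"(bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}


@dataclass
class ClipboardEvent:
    """One clipboard change: seconds since monitoring started, and the text."""
    t: float
    content: str


def classify(text: str):
    """Return the address family the text looks like, or None."""
    stripped = text.strip()
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(stripped):
            return name
    return None


def detect_clipper(events, window: float = 2.0):
    """Flag clipper-style substitutions in a sequence of clipboard changes.

    A substitution looks like: an address of family X is replaced by a
    *different* address of the same family within `window` seconds, which
    is far faster than a human re-copying a second address.
    Returns a list of (original, replacement, seconds_between) tuples.
    """
    alerts = []
    for prev, cur in zip(events, events[1:]):
        kind_prev, kind_cur = classify(prev.content), classify(cur.content)
        if (kind_prev is not None
                and kind_prev == kind_cur
                and prev.content.strip() != cur.content.strip()
                and (cur.t - prev.t) <= window):
            alerts.append((prev.content, cur.content, round(cur.t - prev.t, 3)))
    return alerts


def verify_paste(expected: str, pasted: str) -> bool:
    """The user-side check Microsoft recommends: compare the full address
    you intended to send to with what actually landed in the paste field."""
    return expected.strip() == pasted.strip()


# Constructed sample: the user copies a legitimate address, a clipper swaps it
# 150 ms later, then ordinary text is copied half a minute after that.
LEGIT_ETH = "0x" + "1111222233334444555566667777888899990000"
ATTACKER_ETH = "0x" + "deadbeef" * 5
SAMPLE_EVENTS = [
    ClipboardEvent(0.00, LEGIT_ETH),
    ClipboardEvent(0.15, ATTACKER_ETH),
    ClipboardEvent(30.0, "meeting at 3pm"),
]

if __name__ == "__main__":
    for original, replacement, dt in detect_clipper(SAMPLE_EVENTS):
        print(f"possible clipper: {original} -> {replacement} after {dt}s")
    print("paste matches intended address:",
          verify_paste(LEGIT_ETH, ATTACKER_ETH))
```

The timing heuristic is what makes this more than a string comparison: two different addresses copied thirty seconds apart is normal user behaviour, while a same-family swap within a fraction of a second is the clipper signature. `verify_paste` deliberately compares the whole string, since checking only the first and last few characters is exactly the shortcut a careless user takes.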

“Cryware signifies a shift in the use of cryptocurrencies in attacks: no longer as a means to an end, but as the end itself,” the researchers said.
