
Beware: Microsoft detects a sharp spike in info-stealing malware attacking crypto wallets


It should come as no surprise that the sharp rise in the market capitalization of cryptocurrencies has been accompanied by a noticeable increase in threats and attacks that either target crypto assets or make use of them.

In particular, Microsoft (NASDAQ: MSFT) researchers are seeing an increase in related malware and techniques, as well as a new threat called ‘Cryware,’ according to a new security blog post published by the company on May 17. 

Cryware is a class of information stealer that targets non-custodial cryptocurrency wallets, also known as hot wallets. Unlike cold wallets, hot wallets are stored locally on the device and keep the private keys needed to sign transactions readily accessible, which is why a growing number of threats are focusing on them.

Berman Enconado and Laurie Kirk of the Microsoft 365 Defender Research Team wrote in the post:

“With the growing popularity of cryptocurrency, the impact of cryware threats has become more significant. We’ve already observed campaigns that previously deployed ransomware now using cryware to steal cryptocurrency funds directly from a targeted device.”

Figure: Cryware distribution in 2021. Source: Microsoft

The role of crypto in attacks has changed

Before cryware, the role cryptocurrency played in an attack, and the stage at which it appeared, depended on the attacker's overall goal. Many ransomware operations, for example, demand the ransom in cryptocurrency.

In that case, however, the victim has to make the transfer themselves. Cryptojackers, one of the most common types of cryptocurrency-related malware, do mine coins on their own, but how much they earn depends heavily on the resources and capabilities of the compromised system.

Cryware lets attackers move the victim's funds to their own wallets as soon as they obtain the hot wallet data. Blockchain transactions are final even when they are made without the owner's consent or knowledge. Unlike credit card and other financial transactions, there is no mechanism to reverse a fraudulent crypto transfer or to make the victim whole afterwards.

Hot wallet data such as private keys, seed phrases and wallet addresses follow well-known formats, so cryware uses regular expressions (regexes) matching those patterns to locate them and automate the theft. Clipping and switching (replacing a wallet address that the user has copied to the clipboard), memory dumping, phishing and scams are among the methods used to acquire wallet information.
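As an added example that is not part of the Finbold article or of Microsoft's post, the Python below shows what the regex-based hunting described above looks like from the defender's side: a scanner that flags the artifact classes named in the text inside a blob of text (useful for DLP checks over file shares, ticket attachments or clipboard contents), plus a check for the clipping-and-switching pattern in which a copied address is silently replaced. The regexes, the constructed sample text and the truncated BIP39 word list are assumptions made for this example; a production scanner would load the full 2048-word list and validate the mnemonic checksum.

```python
import re
from typing import Dict, List, Optional

# Approximate patterns for the artifact classes the post says cryware looks for.
# These are this example's own assumptions, not Microsoft's detection logic.
WALLET_PATTERNS: Dict[str, re.Pattern] = {
    # 20-byte Ethereum address: 0x followed by 40 hex digits
    "eth_address": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    # Legacy / P2SH Bitcoin address (Base58Check, starts with 1 or 3)
    "btc_base58_address": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    # Native SegWit address (bech32 alphabet, starts with bc1)
    "btc_bech32_address": re.compile(r"\bbc1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{25,62}\b"),
    # Raw 32-byte private key as 64 hex digits, optionally 0x-prefixed
    "hex_private_key": re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b"),
    # Bitcoin Wallet Import Format key (Base58, 51-52 chars, starts with 5, K or L)
    "wif_private_key": re.compile(r"\b[5KL][1-9A-HJ-NP-Za-km-z]{50,51}\b"),
}

# Truncated BIP39 word list (first and last few entries only), an assumption
# for this example; a real scanner loads all 2048 words.
BIP39_WORDLIST_SUBSET = {
    "abandon", "ability", "able", "about", "above", "absent", "absorb",
    "abstract", "absurd", "abuse", "zebra", "zero", "zone", "zoo",
}
MNEMONIC_LENGTHS = {12, 15, 18, 21, 24}
# A run of 12 or more lowercase 3-8 letter words on one line is a mnemonic candidate.
WORD_RUN = re.compile(r"\b(?:[a-z]{3,8}[ \t]+){11,}[a-z]{3,8}\b")


def find_seed_phrases(text: str, wordlist=BIP39_WORDLIST_SUBSET) -> List[str]:
    """Return every window of 12/15/18/21/24 consecutive word-list words in text.

    A sliding window is used so that a mnemonic embedded in surrounding prose
    ("... about please keep safe") is still found rather than rejected wholesale.
    """
    found: List[str] = []
    for m in WORD_RUN.finditer(text):
        words = m.group().split()
        i = 0
        while i < len(words):
            hit: Optional[List[str]] = None
            for n in sorted(MNEMONIC_LENGTHS, reverse=True):  # prefer the longest
                window = words[i:i + n]
                if len(window) == n and all(w in wordlist for w in window):
                    hit = window
                    break
            if hit:
                found.append(" ".join(hit))
                i += len(hit)
            else:
                i += 1
    return found


def scan_for_wallet_artifacts(text: str) -> Dict[str, List[str]]:
    """Map artifact class -> matches found in text (classes with no hits are omitted)."""
    hits: Dict[str, List[str]] = {}
    for name, pattern in WALLET_PATTERNS.items():
        matches = pattern.findall(text)
        if matches:
            hits[name] = matches
    seeds = find_seed_phrases(text)
    if seeds:
        hits["seed_phrase"] = seeds
    return hits


def _address_type(s: str) -> Optional[str]:
    for name, pattern in WALLET_PATTERNS.items():
        if name.endswith("_address") and pattern.fullmatch(s.strip()):
            return name
    return None


def clipboard_swap_detected(copied: str, now_in_clipboard: str) -> bool:
    """Clipping-and-switching check: both values are addresses of the same
    chain but the clipboard no longer holds what the user copied."""
    a, b = _address_type(copied), _address_type(now_in_clipboard)
    return a is not None and a == b and copied.strip() != now_in_clipboard.strip()


# Constructed sample values: not real keys, not funded addresses.
SAMPLE_ETH_ADDRESS = "0x1111222233334444555566667777888899990000"
SAMPLE_HEX_KEY = "0x" + "deadbeef" * 8
SAMPLE_BECH32 = "bc1q" + "zp" * 19
SAMPLE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])
SAMPLE_TEXT = f"""notes.txt (constructed sample, not a real capture)
my eth: {SAMPLE_ETH_ADDRESS}
backup seed: {SAMPLE_MNEMONIC} please keep safe
exported key {SAMPLE_HEX_KEY}
btc {SAMPLE_BECH32}
"""

if __name__ == "__main__":
    for kind, values in scan_for_wallet_artifacts(SAMPLE_TEXT).items():
        print(f"{kind}: {values}")
    print("swap detected:", clipboard_swap_detected(SAMPLE_ETH_ADDRESS,
                                                    SAMPLE_ETH_ADDRESS[:-1] + "1"))
```

The address regexes deliberately match on shape only, so a hit is a lead rather than proof; the same looseness is what lets cryware sweep a disk quickly, and it is why a DLP rule built this way should be paired with a checksum (Base58Check, bech32, BIP39) before it pages anyone.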

