A recent campaign was found using social engineering to exploit the increasing hype and visibility of cryptocurrencies. It promotes a fictional cryptocurrency called SpriteCoin, which serves as a ransomware lure for unsuspecting users.
The attackers behind SpriteCoin (RANSOM_MONEROPAY.THAOOAI) advertise to users interested in cryptocurrencies on online forums, prompting them to take advantage of what is essentially an Initial Coin Offering (ICO) of a new cryptocurrency by downloading a wallet app package. Once the app is downloaded, it will prompt the user to create a password which will be used to download SpriteCoin’s blockchain. The app’s true purpose, however, is to go after the victim’s files, which it will encrypt and rename with the .encrypted suffix. The victim will then be presented with a ransom note demanding 0.3 monero (XMR)—roughly $91 at the time of publication.
The SpriteCoin ransomware attack is particularly sinister, as it isn’t limited to file encryption. Users who decide to pay the ransom will run into more trouble: during the decryption phase, the ransomware downloads additional malware that performs web camera activation, key parsing, and certificate harvesting.
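The rename behavior described above (files given the .encrypted suffix) can be watched for in file-activity telemetry. The following is an added example, not part of the original article: the event log format, the process names, and the threshold and window values are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque

SUFFIX = ".encrypted"  # suffix named in the article
# Assumed log format: "<epoch seconds> <process> RENAME <old path> -> <new path>"
EVENT_RE = re.compile(r"^(\d+) (\S+) RENAME (.+?) -> (.+)$")

# Constructed sample events (hypothetical process names and paths).
SAMPLE_EVENTS = r"""
1000 explorer.exe RENAME C:\Users\a\Docs\draft.txt -> C:\Users\a\Docs\final.txt
1002 wallet.exe RENAME C:\Users\a\Docs\tax.xlsx -> C:\Users\a\Docs\tax.xlsx.encrypted
1003 wallet.exe RENAME C:\Users\a\Pics\photo.jpg -> C:\Users\a\Pics\photo.jpg.encrypted
1003 backup.exe RENAME D:\bk\archive.zip -> D:\bk\archive.zip.encrypted
1004 wallet.exe RENAME C:\Users\a\Docs\my notes.docx -> C:\Users\a\Docs\my notes.docx.encrypted
1005 wallet.exe RENAME C:\Users\a\keys.pem -> C:\Users\a\keys.pem.encrypted
1500 backup.exe RENAME D:\bk\other.zip -> D:\bk\other.zip.encrypted
"""

def detect_mass_encrypt(lines, threshold=4, window=30):
    """Return {process: [renamed paths]} for each process that appends the
    suffix to at least `threshold` files within `window` seconds."""
    recent = defaultdict(deque)   # process -> (timestamp, new path) hits
    alerts = {}
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue              # blank or malformed line
        ts, proc, old, new = int(m[1]), m[2], m[3], m[4]
        # Only count renames that keep the full original name and add the suffix.
        if new.lower() != old.lower() + SUFFIX:
            continue
        hits = recent[proc]
        hits.append((ts, new))
        while hits and ts - hits[0][0] > window:
            hits.popleft()        # drop hits that fell out of the time window
        if len(hits) >= threshold and proc not in alerts:
            alerts[proc] = [path for _, path in hits]
    return alerts

if __name__ == "__main__":
    for proc, paths in detect_mass_encrypt(SAMPLE_EVENTS.splitlines()).items():
        print(f"ALERT {proc}: {len(paths)} files renamed to *{SUFFIX}")
```

Counting per process inside a time window keeps a single legitimate rename (the constructed backup.exe events) from raising an alert, while a burst from one process does.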
The SpriteCoin attacks use effective social engineering techniques to lure victims, many of whom are attracted by the prospect of profiting from a new and potentially promising cryptocurrency. Given that the attack is relatively simple to pull off, it should not be surprising to see more attacks involving fake cryptocurrencies in the future.
Despite the popularity and hype of cryptocurrencies, users should always assess the situation, especially when these “new” cryptocurrencies come from unknown sources. A quick search engine query can help users determine the legitimacy of a new cryptocurrency. The lack of a legitimate website or any news from reliable sources should be a red flag for users. Users should also avoid clicking on links advertising products or services that seem too good to be true.
Users can also look into using security solutions designed to combat these kinds of threats, including Trend Micro Security 10, which provides strong protection against ransomware by blocking malicious websites, emails, and files associated with this threat.