Attackers Use Fake SpriteCoin Cryptocurrency to Lure Users into Downloading Ransomware

A recent campaign was found using social engineering methods to take advantage of the increasing hype and visibility of cryptocurrencies via a fictional cryptocurrency called SpriteCoin, which is used as a ransomware lure for unsuspecting users.

The attackers behind SpriteCoin (RANSOM_MONEROPAY.THAOOAI) advertise to users interested in cryptocurrencies on online forums, prompting them to take advantage of what is essentially an Initial Coin Offering (ICO) of a new cryptocurrency by downloading a wallet app package. Once the app is downloaded, it will prompt the user to create a password which will be used to download SpriteCoin’s blockchain. The app’s true purpose, however, is to go after the victim’s files, which it will encrypt and rename with the .encrypted suffix. The victim will then be presented with a ransom note demanding 0.3 monero (XMR)—roughly $91 at the time of publication.

The SpriteCoin ransomware attack is particularly sinister, as it isn’t limited to file encryption. Users who decide to pay the ransom demand will run into more trouble, as during the decryption phase, it downloads additional malware that performs web camera activation, key parsing, and certificate harvesting.

The SpriteCoin attacks use effective social engineering techniques to lure victims, many of which are attracted by the prospect of profiting from a new and potentially promising cryptocurrency. Given that the attack is relatively simple to pull off, it should not be surprising to see more attacks involving fake cryptocurrencies in the future.

Despite the popularity and hype of cryptocurrencies, users should always assess the situation, especially when these “new” cryptocurrencies come from unknown sources. A quick search engine query can help users determine the legitimacy of a new cryptocurrency. The lack of a legitimate website or any news from reliable sources should be a red flag for users. Users should also avoid clicking on links advertising products or services that seem too good to be true.

Employing the best practices for ransomware mitigation can also help users protect their data from being encrypted or deleted. This includes backing up regularly, preferably by using the 3-2-1 rule for maximum effectiveness.

Users can also look into using security solutions designed to combat these kinds of threats, including Trend Micro Security 10, which provides strong protection against ransomware by blocking malicious websites, emails, and files associated with this threat. 

They can likewise take advantage of free tools such as the Trend Micro Lock Screen Ransomware Tool, which is designed to detect and remove screen-locker ransomware; as well as Trend Micro Crypto-Ransomware File Decryptor Tool, which can decrypt certain variants of crypto-ransomware without paying the ransom or the use of the decryption key.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.