
tl;dr
Microsoft Threat Intelligence has issued a critical warning about a malvertising campaign targeting cryptocurrency traders. The campaign, active since early October, uses fake advertisements to trick users into downloading malicious Node.js-based installers disguised as legitimate trading tools from Binance and TradingView.
The malware instantly infects systems upon installation, collecting extensive data such as installed program lists, BIOS versions, regional settings, and network adapter details. To avoid antivirus detection, it creates obfuscated scheduled tasks that maintain persistence on the infected machines. Victims are deceived with a decoy window displaying a legitimate cryptocurrency trading website to mask the attack.
The collected data could be used for targeted attacks or to plan future exploitation. Microsoft advises users to remain vigilant by monitoring suspicious script activity, enabling endpoint protection, restricting outbound communications, and avoiding downloads from unverified sources. It further recommends educating users on the dangers of untrusted software and limiting Node.js execution to reduce risk exposure.
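As an added illustration of the monitoring advice above (not code from Microsoft or from the campaign), this Python sketch triages process-creation events for Node.js running outside a sanctioned directory and for scheduled-task creation that launches Node.js, points at a user-writable path, or carries a long encoded blob. The event fields, the allowed directory, the path list and the 60-character threshold are all assumptions, and the sample events are constructed.

```python
import re
from ntpath import basename, normcase

# Assumption: managed hosts only run Node.js from this directory.
ALLOWED_NODE_DIRS = ("c:\\program files\\nodejs\\",)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\")
# Heuristic: a long unbroken base64-like run suggests an obfuscated task action.
ENCODED_RUN = re.compile(r"[A-Za-z0-9+/=]{60,}")


def check_event(event):
    """Return the reasons a process-creation event deserves review."""
    image = normcase(event["image"])  # lowercases and normalises separators
    cmd = event["command_line"]
    cmd_l = cmd.lower()
    reasons = []
    if basename(image) == "node.exe" and not image.startswith(ALLOWED_NODE_DIRS):
        reasons.append("node.exe outside sanctioned directory")
    if basename(image) == "schtasks.exe" and "/create" in cmd_l:
        if "node.exe" in cmd_l or any(p in cmd_l for p in USER_WRITABLE):
            reasons.append("scheduled task runs Node.js or user-writable path")
        if ENCODED_RUN.search(cmd):
            reasons.append("scheduled task action contains encoded blob")
    return reasons


def triage(events):
    """Map event index -> reasons, for events with at least one reason."""
    flagged = {}
    for i, ev in enumerate(events):
        reasons = check_event(ev)
        if reasons:
            flagged[i] = reasons
    return flagged


# Constructed sample events (not campaign data), shaped like process-creation logs.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\nodejs\node.exe", "command_line": "node.exe server.js"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\setup\node.exe", "command_line": "node.exe app.js"},
    {"image": r"C:\Windows\System32\schtasks.exe",
     "command_line": r'schtasks /create /tn "Updater" /tr "C:\Users\alice\AppData\Roaming\upd\node.exe run.js" /sc onlogon'},
    {"image": r"C:\Windows\System32\schtasks.exe",
     "command_line": 'schtasks /create /tn "Sync" /tr "' + "QUJD" * 20 + '" /sc minute'},
    {"image": r"C:\Windows\System32\schtasks.exe", "command_line": "schtasks /query"},
]

if __name__ == "__main__":
    for idx, why in triage(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["image"], why)
```

These are triage heuristics rather than indicators of this campaign; developer workstations that legitimately run Node.js from other locations would need a wider allow-list.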
This warning highlights the increased threat environment Windows users face, with previous expert opinions marking Windows as riskier for crypto holders compared to macOS. Overall, the ongoing campaign emphasizes the evolving sophistication of cyber threats targeting the cryptocurrency community.