Bitcoin Forum
Author Topic: [Warning]: Cinobi Banking Trojan Targets Crypto Exchange Users via Malvertising  (Read 106 times)
cryptomaniac_xxx (OP)
Hero Member
*****
Offline Offline

Activity: 1484
Merit: 561



View Profile
August 18, 2021, 11:27:00 AM
Merited by The Cryptovator (17), DdmrDdmr (5), Baofeng (2), Jating (1), TravelMug (1), Charles-Tim (1)
 #1

There is a new, or at least mutated, banking trojan that now targets Japan-based crypto exchanges. So for now it seems that it's specific to Japan, but I think this is just the beginning, as the author might release it to attack other country-based cryptocurrency exchanges.

Quote
Looking into the Cinobi sample, we found that the overall functionality remained relatively the same, but the configuration had been updated to include several Japanese cryptocurrency exchange websites as part of the target list. The group started to use Cinobi to steal the credentials of its victim’s cryptocurrency account.

Infection routine:

Quote
The campaign’s infection routine begins when a user receives malvertisements that are disguised as advertisements of either Japanese animated porn games, reward points applications, or video streaming applications. While we have observed five different themes of their malvertisements, all of them attempt to trick victims into downloading the same archive with the same malware.

So that is the mode of attack. I don't fall into any of the categories, though, but either way, it's better to stay and practice good security hygiene so that the chances of us being the victim are slim to none.

You can read it here: https://www.trendmicro.com/en_in/research/21/h/cinobi-banking-trojan-targets-users-of-cryptocurrency-exchanges-.html

DdmrDdmr
Legendary
*
Offline Offline

Activity: 2296
Merit: 10727


There are lies, damned lies and statistics. MTwain


View Profile WWW
August 18, 2021, 11:50:48 AM
Merited by Charles-Tim (1), cryptomaniac_xxx (1)
 #2

Trend Micro’s report mentions that Cinobi seems to currently target the credentials for 11 financial entities, at least three of them being crypto exchanges. It doesn’t list the targeted sites by name (which could obviously change at any time, but an initial list could have been released), although all targets seem to currently be Japanese.


Propagation methods are recurrent, and they all lead you to installing malware through whatever means they use as a pretext. In this case, advertisements are used. As we know, people should not blindly put their faith in advertisements just because they are advertisements, since these can lead to malware or fake sites just the same.
Pmalek
Legendary
*
Offline Offline

Activity: 2744
Merit: 7069



View Profile
August 18, 2021, 12:33:33 PM
Merited by Charles-Tim (1), cryptomaniac_xxx (1)
 #3

New malware version and method of attack, but same old thing. It all comes down to not clicking on unknown links, no matter if they are sent to you via social media, emails, Telegram, PMs, whatever. You shouldn't click on ads either and why would you? If you are interested in a product, visit the official website or do some research on it on your own without clicking on the ad. I am not sure if ad blockers help against malvertisements, but you should use them either way. uBlock Origin and AdGuard AdBlocker are good and should do the trick. 

noorman0
Hero Member
*****
Offline Offline

Activity: 1764
Merit: 694


[Nope]No hype delivers more than hope


View Profile WWW
August 18, 2021, 12:57:47 PM
 #4

Advertising has become a hotbed of crimes such as phishing and malware. Unfortunately, there are still many people who are not aware of it, being interested in finding micro-income with the pay-per-click method through shortened URLs, which in fact contain annoying ad spam. This case is a red flag that malvertising will someday start to plague micro-earning sites like this.

Charles-Tim
Legendary
*
Offline Offline

Activity: 1526
Merit: 4804



View Profile
August 18, 2021, 03:21:33 PM
Merited by Pmalek (1), cryptomaniac_xxx (1)
 #5

The poorest thinking is for someone to be using his wallet device, or any device funds can be accessed from, to click on ads. Even Google will gladly welcome scammers and help them to display their ads; other sites also do not want to know if someone's site is legit or not, because scammers will pay for the ads they are displaying. Clicking on ads is the beginning of lack of online privacy and unsafe devices (devices used to click on malware), and a potential means to attack such devices.

Also, it is not only limited to clicking on malware. Some people also like downloading pirated copies, and there are malware that can be easily introduced into someone's devices through pirated torrent files. One thing about these malware is that they are just a few kilobytes to download and install unknowingly.

One thing I cannot do is to be using the device I have my Bitcoin wallet on, my banking app on, or the exchange I am using to access the internet anyhow I want. It is not done like that; what I basically use these devices for is downloading new updates, like a new Electrum wallet version, and nothing more. But, yet, I can never use the device I am using to browse and access the internet frequently to click on ads. It is like I am inviting scammers myself, so it is not possible. People that care about online security, privacy and safety will make use of anti-malware and ad-blockers just to be safe.

Quote
New malware version and method of attack, but same old thing.

Yes, it is the same old way. This is what I expect the government to also work on, to spread the importance of not clicking on ads, but the world is not balanced. Even Google cannot do it because it is part of their income sources, and even the government will not help because they see ads as more important than anything, yet they are a potential means scammers are using to scam people. They will say they are regulating, but they are not teaching. Taliban becoming the government of Afghanistan is still another lesson I learnt recently, that the world is fake. If we do not protect ourselves, then we can be the victim of an irreversible mistake.

cryptomaniac_xxx (OP)
Hero Member
*****
Offline Offline

Activity: 1484
Merit: 561



View Profile
August 19, 2021, 08:31:50 AM
 #6

Quote
New malware version and method of attack, but same old thing. It all comes down to not clicking on unknown links, no matter if they are sent to you via social media, emails, Telegram, PMs, whatever. You shouldn't click on ads either and why would you? If you are interested in a product, visit the official website or do some research on it on your own without clicking on the ad. I am not sure if ad blockers help against malvertisements, but you should use them either way. uBlock Origin and AdGuard AdBlocker are good and should do the trick.

I also did create this thread before, AdBlock and UBlock.

True, we shouldn't trust and click any unknown links, but many are still falling for this trick, and unless crypto users educate themselves to at least combat the mode of infection, these criminals are going to exploit any best known method.

Pmalek
Legendary
*
Offline Offline

Activity: 2744
Merit: 7069



View Profile
August 19, 2021, 09:07:52 AM
 #7

Quote
One thing I can not do is to be using the device I have my Bitcoin wallet on, my banking app on, or the exchange I am using to access the internet anyhow I want...

If you have access to multiple devices and can afford several laptops or phones, the best thing to do would be to use each device for different activities.

Separate your work computer from your entertainment computer. I have a laptop only for work and my financials. That machine is never used for browsing the internet or downloading (unless it's work-related). I use it for work, bills, and banking.
I have another laptop for entertainment, social media, Youtube, non-business related emailing, movies, surfing the internet, downloading, etc.
A third device is used for crypto activities, wallets, and exchanges.

I like to detach my real-world work from my crypto activities. I have separate USB devices for each machine for example. I don't click on weird links, ad-one, emails on either of them.     
