[READ]: New Prynt Stealer Clipboard malware targets crypto wallets and others.

[btc_angela]

There is a new clipboard malware/stealer in the wild, known as Prynt Stealer.

Prynt Stealer targets:

Document: pdf, rtf, doc, docx, xls, xlsx, ppt, pptx, indd, txt, json.

Database: db, db3, db4, kdb, kdbx, sql, sqlite, mdf, mdb, dsk, dbf, wallet, ini.

Source Code: c, cs, cpp, asm, sh, py, pyw, html, css, php, go, js, rb, pl, swift, java, kt, kts, ino.

Image: jpg, jpeg, png, bmp, psd, svg, ai.

Browsers:

    Chromium-based browsers
    MS Edge
    Firefox-based browsers

Files targeted by malware for stealing data:

    Web Data (for Autofill data)
    Login Data (for Login Credentials)
    History (for search history)
    Cookies (for browser Cookies)

Messaging apps target

    Discord
    Pidgin
    Telegram

Crypto wallets:

Zcash, Armory, Bytecoin, Jaxx, Ethereum, AtomicWallet, Guarda,  and Coinomi.

"Stealer queries registry for identifying the location of Blockchains such as Litecoin, Dash, and Bitcoin as shown in Figure below. It obtains the path from registry data “strDataDir” in the HKEY_CURRENT_USER\Software\Blockchain_name\ Blockchain_name-Qt registry key."




The attacks is very complicated as it uses a lot of Algo so that it won't be detected by AV softwares. Combinations of hard coded strings, AES256 and Rijndael encryption algorithm.

For a detailed technical explanation you can read it here: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

Let me just reiterated safety and security practices and precautions mentioned in the article:

• Avoid downloading pirated software from warez/torrent websites. The “Hack Tool” present on sites such as YouTube, torrent sites, etc., mainly contains such malware.
  
• Use strong passwords and enforce multi-factor authentication wherever possible.
• Turn on the automatic software update feature on your computer, mobile, and other connected devices.
• Use a reputed anti-virus and internet security software package on your connected devices, including PC, laptop, and mobile.
• Refrain from opening untrusted links and email attachments without first verifying their authenticity.

[Kemarit]

The scary thing is that this clipboard malware is very malicious and the algo itself is very high and this cyber threat actors are one step head of the game.

And for us crypto enthusiast who uses our pc and laptop not just for our crypto activities it is not safe practice anymore as this kind of malware can sip in our system without us knowing it. So for me, its better to have a separate hardware, in my opinion.

[hugeblack]

Most of the tips you mentioned may give a false impression of safety, so it is best:

 - generate seeds in an environment that did not and will not be connected to the Internet.
 - Broadcast the transaction from a device connected to the Internet after checking the address several times.
 - Dedicate a computer for encryption so that you can only visit trusted sites.
 - Do not download any program you do not trust and avoid downloading many programs.

[Pterosaur]

This could how I actually lost my tokens in my coinomi wallet, I am someone who is very careful about crypto and its wallets, I don't connect to random websites on my phone or unknown dex but I have use Ian Coleman before to get the actual private key of my ETH address since coinomi use recovery seed only, till this day I still don't know what when wrong, thanks for sharing, so trust wallet dont have such folder on a smartphone?

[Lucius]

The malware targets the following crypto wallets:
Zcash, Armory, Bytecoin, Jaxx, Ethereum, AtomicWallet, Guarda,  and Coinomi.

Did the author of the article mean the crypto wallets of these altcoins, or despite the fact that he obviously understands how this malware works, he does not understand the difference between crypto wallet and cryptocurrency?


It looks like a very complex malware that has a bunch of features, but it should be emphasized that anyone who sticks to some basic things when online should not worry too much that they will get infected with this or similar malware. The key is to either be extremely careful, or to separate online entertainment and cryptocurrencies by using two computers, or live versions of the Linux OS that you will always boot from CD/DVD or bootable USB.

[lovesmayfamilis]

And again, these obnoxious windows. Every time a new malware appears that digs into the data of users of this system, it should signal that it is necessary to use Linux systems.

There are a lot of excuses that Linux is inconvenient for many. Nevertheless, viruses are written on it much less often than on Windows.

Every time you need to check all the data that you send using the clipboard since the malware is equipped with both a keylogger and a clipper.

[Lafu]

Messaging apps target

    Discord
    Pidgin
    Telegram

Let me just reiterated safety and security practices and precautions mentioned in the article:

• Avoid downloading pirated software from warez/torrent websites. The “Hack Tool” present on sites such as YouTube, torrent sites, etc., mainly contains such malware.
  
• Use strong passwords and enforce multi-factor authentication wherever possible.
• Turn on the automatic software update feature on your computer, mobile, and other connected devices.
• Use a reputed anti-virus and internet security software package on your connected devices, including PC, laptop, and mobile.
• Refrain from opening untrusted links and email attachments without first verifying their authenticity.

Thats not really something new on the Malwarefront !

Discord is getting lately a big place for Hackers and Malware stuff , but it was already in the last years.
Read that here : PM links in Discord Deskt. client can steal your Password ,Cryptocurrencies !

There was not long ago a new try how they maybe get new Victims with sending a Image in a PM and you just see it loading the whole time ,
to that Image was a written asking text " Can you open the image ? " and if you click on it the hacking magic happend.
I have written about here in the my german thread about : https://bitcointalk.org/index.php?topic=5256519.msg59860527#msg59860527

The most Malware things will be not detected when you doing some kind of things like that !
Checking every link a few times should be a normal step , specialy when have wallets and personal details on your PC.

[death69]

The scary thing is that this clipboard malware is very malicious and the algo itself is very high and this cyber threat actors are one step head of the game.

And for us crypto enthusiast who uses our pc and laptop not just for our crypto activities it is not safe practice anymore as this kind of malware can sip in our system without us knowing it. So for me, its better to have a separate hardware, in my opinion.

Everything can be hacked, infiltrated, and destroyed. Therefore, you have to set up a multi-layer defense. Buying new hardware can cost money. The easier way is to set up a Virtual Machine that is easily isolated from the host computer. However, all sorts of defense act like an illusion or something that might frustrate the attacker. As long as they intrude, there will always be the way to steal all of the data

And again, these obnoxious windows. Every time a new malware appears that digs into the data of users of this system, it should signal that it is necessary to use Linux systems.

There are a lot of excuses that Linux is inconvenient for many. Nevertheless, viruses are written on it much less often than on Windows.

That is not true. Open-source can be both secured and exposed at the same time. Because most private computer used Windows do not mean that the Linux system is invulnerable. If many choose to use Linux, I bet hackers can easily develop new Linux-based malware

[CryptocurencyKing]

Files targeted by malware for stealing data:

    Web Data (for Autofill data)
    Login Data (for Login Credentials)
    History (for search history)
    Cookies (for browser Cookies)

With certain comfort comes certain disadvantages! You can imagine what would be the case of an autodata fill as we have it. This is an option that comes up to me most times when I approach a new page and I often just by pass it because, I don't see the stress in filling in my details at every point I need to login to a site and at other times when I make the error of accepting, I often look for a means to undo it if possible. Having Google get to save and run autofils don't just add up to me and the malware is very much ineffective for me at that point but, what becomes of the case of the unavoidable once.
Like it says, targeting login details even when it isn't based on an autofil, histories and cookies.

That brings me to it, are cookies really harmful? How is that?

[Jating]

Files targeted by malware for stealing data:

    Web Data (for Autofill data)
    Login Data (for Login Credentials)
    History (for search history)
    Cookies (for browser Cookies)

That brings me to it, are cookies really harmful? How is that?

I'm no expect, but as far as I understand, these hackers can hijack your browser sessions, cookies and they can pretend that it was you if you click a malicious link coming from the hackers themselves. So they can do whatever they want, as if they have your passwords to exchanges or wallets or even your banking information.

[dkbit98]

OMG... they literally listed ''ethereum'' as one of the crypto wallets  
I think this Prynt Stealer Clipboard malware is again affecting mostly wiNd0ws operating system, so best protection would be to switch to open source Linux or Mac OS.
Other recommendations they mention is to avoid downloading torrents and using pirated software (that is mostly for wiNd0ws os yet again), make stronger password and use antimalware software protection.
I know there are some programs that can disable or control clipboard activity, but it's much better to use different laptop with linux for all crypto related stuff.

[Taskford]

Files targeted by malware for stealing data:

    Web Data (for Autofill data)
    Login Data (for Login Credentials)
    History (for search history)
    Cookies (for browser Cookies)

That brings me to it, are cookies really harmful? How is that?

I'm no expect, but as far as I understand, these hackers can hijack your browser sessions, cookies and they can pretend that it was you if you click a malicious link coming from the hackers themselves. So they can do whatever they want, as if they have your passwords to exchanges or wallets or even your banking information.

This is the reason why we need to avoid clicking or downloading on unknown links because this kind of risk are mostly their also we shouldn't click on what random people sent to us since sometimes they use this method to bait us. Maybe the best thing to do is to have separate devices and log in only your important details on your other pc and see those links on your android or smart phone.