Microsoft Identifies ‘Cryware’ Hot Wallet Malware

  • Microsoft has defined a new type of malware aimed directly at crypto hot wallets
  • ‘Cryware’ is software that steals sensitive data from devices and compromises non-custodial wallets
  • Cryware has grown in popularity as hackers move on from malware attacks on organizations

Microsoft security researchers have defined a new category of malware aimed at compromising cryptocurrency hot wallets – cryware. The company describes cryware as “information stealers that collect and exfiltrate data directly from non-custodial cryptocurrency wallets”, which it identifies as being much easier to target than other wallet types. Cryware has grown in popularity over the last 18 months as hackers go for easier targets, such as wealthy individuals, rather than trying to extort companies through ransomware.

Cryware Comes in Various Flavors

Microsoft explains the rationale behind the growth in cryware, stating that hackers have moved from carrying out illegal activities in order to get cryptocurrency in return (e.g. cryptojacking and ransomware attacks) to straight theft of cryptocurrencies from non-custodial wallets. They add that some of the most common methods of obtaining access to such wallets include clipping and switching, memory dumping, phishing, and scams.

While phishing attacks and scams are of course well known to anyone who has spent time in the crypto space, clipping and switching and memory dumping may not be. The former replaces a string of text the user has copied (typically a cryptocurrency address) with an attacker-controlled alternative, so a payment the user pastes and sends goes to the attacker instead; the latter involves a hacker reading a password or private key from the browser’s memory after the user has entered it into a field.
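A defender can spot the clipping-and-switching behaviour described above by watching the clipboard rather than the wallet: a clipper overwrites a copied address with a different, equally valid-looking address without any user action. The following is an added illustration written for this article, not code from Microsoft or from any cryware sample. It models clipboard changes as a stream of constructed events with a flag saying whether the change was made by the foreground (user-driven) application; a real monitor would take that flag from the OS clipboard API (on Windows, `WM_CLIPBOARDUPDATE` plus `GetClipboardOwner`). The address patterns are deliberately loose format checks, not full checksum validation.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Loose format patterns for common address types (illustrative, no checksum validation).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{25,62}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify_address(text: str) -> Optional[str]:
    """Return the address type the text looks like, or None if it is not an address."""
    candidate = text.strip()
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return name
    return None


@dataclass
class ClipboardEvent:
    seq: int                 # ordering of the clipboard change
    content: str             # new clipboard text
    owner_is_foreground: bool  # True when the foreground (user-driven) app wrote it


def detect_swaps(events: List[ClipboardEvent]) -> List[Tuple[int, str, str, str]]:
    """Flag background clipboard writes that introduce or replace a crypto address.

    Returns tuples of (seq, alert_kind, previous_user_content, new_content):
      - "swap":      the user copied an address and a background write replaced it
                     with a different address (classic clipper behaviour).
      - "injection": the user copied something else and a background write put an
                     address on the clipboard anyway.
    """
    alerts = []
    last_user_content: Optional[str] = None

    for ev in events:
        new_text = ev.content.strip()
        if ev.owner_is_foreground:
            # A user-initiated copy sets the baseline we compare later writes against.
            last_user_content = new_text
            continue

        new_kind = classify_address(new_text)
        if new_kind is None or last_user_content is None:
            continue  # background write that is not an address, or no baseline yet

        if classify_address(last_user_content) is not None:
            if new_text != last_user_content:
                alerts.append((ev.seq, "swap", last_user_content, new_text))
        else:
            alerts.append((ev.seq, "injection", last_user_content, new_text))

    return alerts


def sample_events() -> List[ClipboardEvent]:
    """Constructed clipboard history: one silent address swap, one silent injection."""
    user_addr = "0x" + "1" * 40       # constructed, not a real address
    attacker_addr = "0x" + "2" * 40   # constructed, not a real address
    return [
        ClipboardEvent(1, user_addr, True),            # user copies their address
        ClipboardEvent(2, attacker_addr, False),       # background process swaps it
        ClipboardEvent(3, "meeting notes", True),      # user copies ordinary text
        ClipboardEvent(4, "bc1" + "q" * 38, False),    # background process injects an address
    ]


if __name__ == "__main__":
    for seq, kind, before, after in detect_swaps(sample_events()):
        print(f"event {seq}: {kind} - clipboard changed from {before!r} to {after!r}")
```

The useful signal is the combination: a clipboard write the user did not make, whose content is a well-formed address of the same family as what they copied. Either half on its own is noisy; together it is the behaviour the article attributes to clippers.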

2021 Saw Growth in Strains and Cases

Cryware typically scrapes or targets compromised devices for sensitive data, such as an insecurely recorded private key, which hackers can then use to steal the funds in the wallet. Use of cryware rose throughout 2021 and then rocketed in December largely thanks to the explosion of attacks using the ‘Raccoon Stealer’ cryware.

FullyCrypto has put together a few quick guides on how to protect your wallets, devices, and browsers in the past, so it’s well worth going over these again and refreshing your memory.