Latest Tech

Tech - New Bleeder CryptXXX Able To Steal Bitcoins And Personal Data


Proofpoint (cyber security company) Researchers have discovered a new type of malware with pretty interesting and severe functionality. In addition to encrypting files on the infected computer, CryptXXX also able to steal bitcoins, passwords and other important information. For recovery of data access malware operators demanding a ransom of $1.2 Bitcoin (approximately $515).


New Bleeder CryptXXX Able To Steal Bitcoins And Personal Data

Attackers use a set of exploits Angler to spread the malware CryptXXX, in particular, malware Bedep, capable of downloading other Trojans on the infected system and initiate fraudulent clicks. In addition to encrypting the content, CryptXXX collects the data about applications installed on your computer for instant messaging, e-mail clients, FTP-managers, and browsers. The malware can also steal bitcoins and credentials from the computer or system of the victim. According to the experts of Proofpoint, some signs indicate that the authorship belongs CryptXXX creators exploit whale Angler, malware, and Bedep Reveton.

CryptXXX is not only the new extortionist, discovered recently. For example, the researchers of the software company CheckPoint (international provider of software and combined hardware and software products for IT security, including network security, endpoint security, data security and security management) informed when a new version of the Trojan Kovter, able to encrypt files on the targeted device. According to the experts, the Trojan obfustsiruet is only the first part of files. The malware encrypts quickly and the most interesting target for the malware was the documents. Since the encryption key is stored locally on the device and access to the files which are easy to recover.

Fabian Wosar researcher at cyber security company Emsisoft, discovered a new software extortionate AutoLocky, imitating known malware Locky. The program is written in AutoIt, and not so complicated as the original Locky. In particular, AutoLocky does not use C & C-infrastructure for the key exchange in the memory to encrypt files and currently this malware distribution method is unknown.


Once AutoLocky access the system, it studies the whole data stored on the disk and then encrypts them using the AES-128 algorithm. The malware adds an extension “.locky” files on the system, but unlike the present Locky does not change their names. But, Fabian Wosar researcher at cyber security company Emsisoft has developed a tool that allows you to recover all your content infected by the malware AutoLocky.

No comments