The cybersecurity division of Blackberry, a former smartphone giant, has highlighted the most notorious malware families targeting cryptocurrencies.

In a ‘Global Threat Intelligence Report’ published Thursday, between March and May, Blackberry stopped over 1.5 million cyberattacks, that hit the finance, healthcare and government sectors hard.

“During this reporting period, BlackBerry telemetry observed a continuous trend in the use of commodity malware such as RedLine, which can harvest information including saved credentials, credit card information, and cryptocurrency,” the report noted.

Malware families including SmokeLoader, RaccoonStealer and Vidar have been specifically designed to hijack computers for crypto mining or theft.

For instance, SmokeLoader, a rogue financial tool, was primarily used by Russia-based bad actors to load an array of malware including crypto miners. RaccoonStealer is yet another malware “that obtains browser cookies, passwords, auto-fill web browser data, and cryptocurrency wallet data.” This malware is reportedly being sold across the dark web.

Vidar, which usually targets the Linux operating system, extracts information from cryptocurrency wallets and exchanges. Blackberry advised several organizations to regularly apply security patches to protect against hackers trying to exploit Linux OS for crypto mining. 

“Vidar harvests banking information, browser credentials, and cryptocurrency wallets, as well as standard files,” the company wrote.

Perpetrators apparently induced Prometei botnet, which has been active since at least 2020, to Linux-based servers, to mine cryptocurrencies like Monero. This tool was particularly difficult to trace and stop, given Prometei’s advanced features that use different internet domains.

Cybersecurity in the Cryptocurrency Space

A recent report by cybersecurity firm SonicWall revealed that cryptojacking incidents rose 399% year-on-year by the end of June. Regions facing sanctions and mining bans are behind cryptojacking, the report said.

Statista estimated that the cybersecurity market is projected to reach $162.00 billion in 2023. As cryptocurrencies evolve, exchanges, crypto platforms and wallets are being targeted by hackers.

The most recent one occurred on July 22 targeting crypto exchange CoinsPaid. North Korean hackers at the infamous Lazarus Group were suspected to be behind a $37 million attack on the crypto payment system.

The attack drained funds from the company’s own reserves, unaffecting customer deposits, CoinPaid said at the time.