CryptoMode KryptoCibule Malware

Cryptocurrency users have fallen victim to many security-related threats. KryptoCibule is one of the latest threat vectors, as this malware is quite potent. Stealing cryptocurrency is its main objective, a goal that can be achieved in many different ways.

KryptoCibule is a Real Problem

Handling malware has become the new normal for most cryptocurrency users. Criminals will always try to steal one’s Bitcoins or altcoins by whatever means necessary. Not all of these attacks are successful, but that doesn’t mean they can’t do permanent damage. Malware in particular has proven rather nasty to deal with in recent years.

One of the new malware threats goes by the name of KryptoCibule. It leverages many techniques to avoid detection on a target system. At the same time, it is designed for the sole purpose of stealing cryptocurrencies. Although this family has been active since 2018, the newer version has undergone some serious upgrades.

As is often the case with malware, it is distributed through torrent files. Malicious torrents that deliver a zip file are currently best ignored, regardless of what one is attempting to download. The malicious files are often disguised as installer executables for newer PC games, as well as for several popular pieces of software.

Interestingly enough, victims will get the software or game they were trying to pirate without issues. It is the extra payload that users should be more worried about. This particular payload consists of XMRig, an open-source tool for mining Monero. Anyone installing this application will see their CPU usage spike beyond control.

Other Mining Tools

Whereas most types of malware would stick to mining Monero, KryptoCibule is a different creature. Its package also contains kawpowminer, which can be used to mine Ethereum with a GPU. This tool will only be activated if a dedicated graphics card is detected as part of the infected system. Integrated graphics are not used for this purpose, as they are far too slow.

For the time being, KryptoCibule is primarily being distributed in the Czech Republic and Slovakia. Any machine running ESET, Avast, or AVG security tools is of particular interest. This seems to indicate those tools have a zero-day vulnerability that needs to be patched as soon as possible. It is equally possible the infection will only occur with older versions of these security tools.

Just because the malware is primarily found in these regions doesn’t mean it won’t pop up elsewhere. Distributing files through BitTorrent gives the criminals a potential global audience. Moreover, it is not unlikely that someone else will try to “improve” the code and distribute it further.

KryptoCibule and Stealing Crypto

Looking beyond the cryptocurrency mining aspect, there are other reasons to be concerned. This malware can use clipboard hijacking, allowing it to silently replace a copied crypto wallet address with one the attackers control. Always make sure the destination address is entered correctly before sending funds to someone else. This method has proven rather successful in the past.
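The defensive check the paragraph recommends can be automated. The following is an added example written for this page; it is not code from the article, from any KryptoCibule analysis, or from any wallet software. It validates a pasted Bitcoin-style address (Base58Check, so a mistyped or truncated address is caught), compares it against the address the user actually intended, and replays a constructed sequence of clipboard observations to flag the signature of clipboard hijacking: a wallet address that changes to a different address of the same kind without the user copying anything new. The sample addresses are constructed from made-up hashes, the `user`/`poll` event model is an assumption standing in for a real clipboard API, and the Monero pattern is a length-and-prefix heuristic only.

```python
import hashlib
import re
from typing import Optional

# Bitcoin's Base58 alphabet (no 0, O, I, l).
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(raw: bytes) -> str:
    """Encode bytes as Base58; each leading zero byte becomes a leading '1'."""
    n = int.from_bytes(raw, "big")
    out = ""
    while n > 0:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(s: str) -> bytes:
    """Inverse of b58encode; raises ValueError on a character outside the alphabet."""
    n = 0
    for ch in s:
        n = n * 58 + ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def base58check_encode(payload: bytes) -> str:
    """Base58Check: payload followed by the first 4 bytes of SHA256(SHA256(payload))."""
    return b58encode(payload + _checksum(payload))


def is_valid_base58check(addr: str) -> bool:
    """True if the string decodes and its 4-byte checksum matches its payload."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) < 5:
        return False
    return _checksum(raw[:-4]) == raw[-4:]


def looks_like_address(text: str) -> Optional[str]:
    """Classify clipboard text as 'btc', 'xmr' or None (heuristic, not exhaustive)."""
    text = text.strip()
    if re.fullmatch(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}", text) and is_valid_base58check(text):
        return "btc"
    # Monero standard and sub-addresses: 95 Base58 characters starting with 4 or 8.
    if re.fullmatch(r"[48][1-9A-HJ-NP-Za-km-z]{94}", text):
        return "xmr"
    return None


def safe_to_send(intended: str, pasted: str) -> bool:
    """Pre-send check: the pasted destination must be well-formed and identical
    to the address the user meant (e.g. the entry in their own address book)."""
    return is_valid_base58check(pasted) and pasted == intended


def detect_swaps(events):
    """Replay clipboard observations. events: list of (source, text), where source is
    'user' (the user copied text) or 'poll' (a background read of the clipboard).
    Returns (expected, observed) pairs where a poll shows a wallet address of the
    same kind as, but different from, the one the user last copied."""
    alerts = []
    last_copied = None
    for source, text in events:
        if source == "user":
            last_copied = text
            continue
        kind = looks_like_address(text)
        if (kind is not None and last_copied is not None
                and text != last_copied
                and looks_like_address(last_copied) == kind):
            alerts.append((last_copied, text))
    return alerts


# Constructed sample data: two P2PKH-style addresses built from made-up 20-byte hashes.
VICTIM_INTENDED = base58check_encode(b"\x00" + bytes(range(20)))
ATTACKER_ADDR = base58check_encode(b"\x00" + bytes(range(20, 40)))

SAMPLE_EVENTS = [
    ("user", "meeting notes"),   # ordinary text, ignored
    ("user", VICTIM_INTENDED),   # user copies the real destination
    ("poll", VICTIM_INTENDED),   # clipboard still intact
    ("poll", ATTACKER_ADDR),     # clipboard silently replaced by malware
]

if __name__ == "__main__":
    for expected, observed in detect_swaps(SAMPLE_EVENTS):
        print(f"ALERT: clipboard address changed from {expected} to {observed}")
    print("safe to send:", safe_to_send(VICTIM_INTENDED, ATTACKER_ADDR))
```

The checksum validation alone only catches corrupted addresses; a swapped address is itself valid, which is why the comparison against the intended address is the part that actually defeats hijacking. A real deployment would feed `detect_swaps` from the operating system's clipboard and treat an alert as a reason to abort the transaction.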

Last but not least, the malware will seek out files with certain extensions. These include wallet.dat files, among other things. It is evident the KryptoCibule developers are very serious about obtaining one’s cryptocurrency. Considering that the malware is still actively developed today, it may pose a much bigger threat in the future.

