Microsoft has issued a warning about a significant malvertising campaign targeting cryptocurrency traders, which infects systems via malicious downloads disguised as legitimate tools. The Node.js-based malware collects sensitive system information and evades antivirus detection. Users are advised to monitor script behaviour and implement endpoint protection to mitigate risks.
Microsoft Threat Intelligence has issued a serious warning regarding a large-scale “malvertising” campaign that is specifically targeting cryptocurrency traders. The campaign was identified earlier this month and deceives users into downloading malicious installers disguised as legitimate trading tools from reputable companies like Binance and TradingView.
The malware, based on Node.js, is embedded in the downloaded package and immediately infects the victim’s system. Once activated, it starts collecting sensitive information about the victim’s computer while setting up a scheduled task to ensure its persistence, cleverly avoiding detection by antivirus software.
As a decoy, victims are presented with a window resembling a legitimate cryptocurrency trading website. The malicious scripts harvest a plethora of data, including installed programs, BIOS versions, regional settings, and network adapter information, potentially enabling targeted attacks in the future.
To safeguard against this malicious onslaught, potential victims should be vigilant for any unusual script behaviours, ensure endpoint protection is implemented, and limit outbound communications. Microsoft further advises that organizations can mitigate the risks associated with Node.js by educating users about the dangers of downloading software from unverified sources and monitoring Node.js execution to prevent exploitation.
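Microsoft's advice to monitor Node.js execution and unusual script behaviour can be turned into a first-pass triage of process-creation telemetry. The following is an added example written for this article, not Microsoft's own detection logic; the event fields, rule names and sample records are constructed, and the rules encode the behaviours the report describes (node.exe dropped into a user-writable directory, a script run from one, and a scheduled task created from that process).

```python
import re
from typing import List, NamedTuple, Tuple


class ProcEvent(NamedTuple):
    """One process-creation record (Sysmon Event ID 1 / EDR style), reduced to the fields the rules need."""
    parent_image: str
    image: str
    command_line: str


# Directories an unprivileged user can write to. A trusted Node.js install lives under Program Files,
# so node.exe, or a script handed to it, sitting in one of these is the signal worth reviewing.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|ProgramData)\\", re.IGNORECASE)
SCRIPT_IN_USER_PATH = re.compile(
    r"[A-Z]:\\\S*\\(AppData|Temp|Downloads|ProgramData)\\\S*\.(js|cjs|mjs)", re.IGNORECASE)
SCHTASKS_CREATE = re.compile(r"schtasks(\.exe)?\s+/create", re.IGNORECASE)


def is_node(image: str) -> bool:
    return image.lower().endswith("\\node.exe")


def triage(events: List[ProcEvent]) -> List[Tuple[int, str]]:
    """Return (event index, rule name) for every rule an event matches, in event order."""
    findings: List[Tuple[int, str]] = []
    for idx, ev in enumerate(events):
        if is_node(ev.image):
            if USER_WRITABLE.search(ev.image):
                findings.append((idx, "node_from_user_writable_path"))
            if SCRIPT_IN_USER_PATH.search(ev.command_line):
                findings.append((idx, "node_runs_script_from_user_writable_path"))
        # Persistence: a node.exe process registering a scheduled task (the behaviour the report describes).
        if is_node(ev.parent_image) and ev.image.lower().endswith("\\schtasks.exe") \
                and SCHTASKS_CREATE.search(ev.command_line):
            findings.append((idx, "node_creates_scheduled_task"))
    return findings


# Constructed sample telemetry (not real indicators): a fake installer dropping node.exe into Temp,
# that node.exe registering a scheduled task, and a legitimate developer run for contrast.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Users\alice\Downloads\Trading-Setup.exe",
              r"C:\Users\alice\AppData\Local\Temp\node.exe",
              r"node.exe C:\Users\alice\AppData\Local\Temp\app.js"),
    ProcEvent(r"C:\Users\alice\AppData\Local\Temp\node.exe",
              r"C:\Windows\System32\schtasks.exe",
              r'schtasks.exe /create /sc minute /mo 5 /tn "Updater" /tr "C:\Users\alice\AppData\Local\Temp\node.exe app.js"'),
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Program Files\nodejs\node.exe",
              r"node.exe C:\dev\myapp\server.js"),
]

if __name__ == "__main__":
    for idx, rule in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {rule} -> {SAMPLE_EVENTS[idx].command_line}")
```

The third sample event, a developer running a script from a trusted install, produces no finding, which is the false-positive case a rule like this must tolerate before it is wired into alerting.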
According to reports, the risks associated with Windows for cryptocurrency holders might be greater than those for macOS, as suggested by CryptoQuant CEO Ki Young Ju last year.