The term "cryptocurrency" is used to describe any digital currency that is built on blockchain technology and not reliant on a government or a central bank, unlike fiat money. Cryptocurrency is "stored" in crypto wallets, which are either entirely virtual or actual physical devices.

Like any digital space, virtual crypto wallets are vulnerable to different types of cyber crime, including malware attacks. In late 2021, cybercriminals began deploying a variant of Echelon malware to steal crypto wallets. So what is Echelon malware? How can you protect your cryptocurrency?

What Is Echelon Malware?

A sample of Echelon malware discovered by SafeGuard Cyber researchers was delivered in a .rar file.

Titled present.rar, it included three different files: 123.txt, a text document containing a password; DotNetZip.dll, a small, non-malicious class library for manipulating .zip files; and Present.exe, a malicious executable for the Echelon malware.

Notably, the Echelon executable SafeGuard discovered was obfuscated using ConfuserEx v1.0.0—code obfuscation is a trick malware developers use to make their malicious program harder to detect.

Once executed, the malware steals credentials and takes screenshots of the targeted machine.

Echelon steals credentials from various File Transfer Protocol (FTP) and Virtual Private Network (VPN) platforms, including Discord, Edge, FileZilla, NordVPN, OpenVPN, Outlook, Pidgin, ProtonVPN, Psi, Telegram, and TotalCommander.

Echelon also tries to steal credentials from a number of crypto wallets: Armory, AtomicWallet, BitcoinCore, ByteCoin, DashCore, Electrum, Exodus, Ethereum, Jaxx, LitecoinCore, Monero, and Zcash.

How and Where Does Echelon Spread?

The Echelon malware sample SafeGuard Cyber researchers discovered was posted to a crypto-related Telegram channel. The cybercriminals who shared it there evidently expected unsuspecting chat participants to download and execute the malware, but it remains unclear how many actually did so.

In any case, the malicious actor's decision to deploy the malware in a specialized forum suggests they did their research and made sure to target individuals likely to own cryptocurrency.

How to Protect Your Crypto Wallet Against Echelon

As a general rule of thumb, you should never click on suspicious links or download files from unknown sources. Obviously, this includes Telegram groups.

If you do download a file from an unverified source, do not unpack or execute it. Immediately delete the file and scan your device with anti-malware software. It's always a good idea to check if the file contains malware before doing anything with it.
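As an added illustration (not code from the original article or from SafeGuard Cyber), the Python example below triages an archive's member names, taken from an archiver's listing view so nothing is unpacked, against the layout described above for present.rar. The extension sets, function names and heuristics are assumptions chosen for this example.

```python
import ntpath

# Assumed, non-exhaustive extension sets chosen for this example.
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".msi", ".lnk"}
LIBRARY = {".dll"}
NOTE = {".txt"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def _exts(name):
    """Return (last extension, extension before it), both lower-cased."""
    base = ntpath.basename(name).lower()   # ntpath accepts both / and \ separators
    stem, last = ntpath.splitext(base)
    _, prev = ntpath.splitext(stem)
    return last, prev

def triage_members(names):
    """Flag risky patterns in an archive listing; works on names only."""
    findings = []
    exes = [n for n in names if _exts(n)[0] in EXECUTABLE]
    for n in exes:
        findings.append(f"executable member: {n}")
        if _exts(n)[1] in DECOY:
            findings.append(f"double extension hides executable: {n}")
    if exes and any(_exts(n)[0] in LIBRARY for n in names):
        findings.append("executable ships with its own library")
    if exes and any(_exts(n)[0] in NOTE for n in names):
        findings.append("text note bundled with executable (may hold a password)")
    return findings

def verdict(names):
    """'block' if any executable member is present; otherwise 'scan' before opening."""
    hits = triage_members(names)
    return "block" if any(h.startswith("executable member") for h in hits) else "scan"

# Constructed input: the member names the article lists for present.rar.
SAMPLE = ["123.txt", "DotNetZip.dll", "Present.exe"]

if __name__ == "__main__":
    for line in triage_members(SAMPLE):
        print(line)
    print("verdict:", verdict(SAMPLE))
```

A "scan" verdict only means no directly runnable member was found by name; the archive still needs an anti-malware scan before anything in it is opened.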

As outlined above, Echelon steals credentials from all sorts of different programs and platforms. This is why you should never use the same password for every application you use regularly. Instead, make sure you use unique, complicated passwords and enable two-factor authentication when possible.

Additionally, changing passwords every few months can add a layer of security all around.

Just like it's never a good idea to keep all of your money in a single online bank account, it is not optimal to use just one crypto wallet. Consider creating several crypto wallets, and make a dedicated one for daily transactions—this should at the very least mitigate damage in the event of a breach.

Choosing a Secure Crypto Wallet

Even if you pay close attention to your cybersecurity hygiene, invest in robust anti-malware protection, use different passwords, and do everything right, the chances of falling victim to an attack are still not zero.

Put simply, if your crypto wallet is online or otherwise connected to the internet, it can be breached.

By far the safest option in terms of cryptocurrency wallets is so-called cold storage. A cold crypto wallet is a physical device, a piece of hardware that keeps your private cryptocurrency keys completely offline, and thus makes it virtually impossible for anyone to steal from you.

Most cold wallets are very safe, easy to use, look like USB flash drives, and are certainly an investment to consider for anyone serious about crypto.