A PennyWise malware that steals crypto just spread out on YouTube and it targets ZCash and Ethereum wallets like Coinomi, Atomic Wallet and Electrum so let’s have a closer look at our latest cryptocurrency news.

The new strain of crypto-malware is being spread via YouTube and tricks users into downloading software that is designed to steal data from wallets and crypto browser extensions. The cyber intelligence company Cyble said that it is tracking the malware known as PennyWise named after the monster from the horror novel “IT” since it was identified in May. Cyble wrote:

“Our investigation indicates that the stealer is an emerging threat. In its current iteration, this stealer can target over 30 browsers and cryptocurrency applications such as cold crypto wallets, crypto-browser extensions, etc.”

The PennyWise malware steals data from crypto wallets and crypto extensions on the browser and the stolen data comes in the form of Chromium and Mozilla browser information but it can take screenshots and steal sessions of chat applications from Telegram and discord. The malware targets cold wallets like Bytecoin, Jaxx, Exodus, Armory, Electrum, Guarda, Atomic Wallet, and Coinomi as well as wallets supporting Ethereum and Zcash by looking for the wallet files in the directory and sending a copy of the files to the attackers.

The cybersecurity company noted that the malware is spread on YouTube mining education videos that purported to be free BTC mining software. The cybercriminals upload videos instructing the viewers to visit the link in the description and to download free software while encouraging them to disable the antivirus software that enables the malware to run. Cyble said that the attackers had up to 80 videos on their channel but then the channel was removed. There were other smaller channels on YouTube discovered later with videos promoting free NFT mining, free Spotify premium, game cheats, and more. Most of the accounts were created in the past 24 hours.

The malware is designed to stop itself if it finds out the victim is based in Ukraine, Russia, Kazakhstan, and Belarus. Cyble found that the malware converts the victim’s timezone data to a Russian Standard time when the data is then sent to the attackers. Back in February, malware named Mars Stealer was identified and targeted crypto wallets that work as a Chromium Browser extension like Binance Chain wallet, Coinbase wallet, and Metamask. Chainalysis also warned that even low-skilled cybercriminals are using malware to take funds from the crypto holders with cryptojacking accounting for 73% of the total value from malware-related addresses from 2017 to 2021.