Since its advent in 2008, cryptocurrency has gone from being an obscure internet trend to a mainstream unit of currency. The rising value of cryptocurrencies, combined with endorsements from public figures, has attracted users from across the globe. However, this has also prompted attackers to run scams, develop malware, and breach crypto exchanges in order to defraud users and legitimate crypto businesses.
CloudSEK’s flagship digital risk monitoring platform XVigil, which continuously scours the internet for cyber threats, recently identified a malicious domain (windows11-upgrade11[.]com) that acts as a launchpad for a crypto stealer. In this report, we delve into the features of the domain, the crypto-stealer malware’s execution flow, and the functionality of each of its modules.