Undoubtedly, cryptocurrency is one of the least understood but most talked-about terms of recent years. If there were some doubts about it previously, everything has now turned upside down. Say, Bitcoin will reach the $100,000 mark by the end of this year. This is the best proof that cryptocurrency is gaining popularity. But it also means crypto-crime will rise as well. And while many malware authors do their best to disguise their products, there are some who don't even try.
As Palo Alto Networks reports, many crypto criminals present their malware as being for educational or research purposes only. Of course, those who are looking for programs that steal cryptocurrencies know what this malware really is. One such 'product' is WeSteal.
WeSteal Is Known As The “Leading Way To Make Money In 2021”
If you have searched for such malware, the name WeSupply Crypto Stealer should be familiar to you. It has been on the market (in the underground forums) since May 2020. It was created by a developer going by the name WeSupply. Another developer, ComplexCodes, started selling WeSteal in mid-February this year.
What do these two have in common? ZDNet believes that WeSteal is an evolution of the WeSupply Crypto Stealer project. As for the advertising, it bills WeSteal as the “world’s most advanced crypto stealer.” Their slogan is “WeSupply — You profit”. Sounds good, though it’s not legal.
Moreover, as their ad claims, the malware includes a victim tracker panel, automatic start, antivirus software circumvention, and so on. What we see in the ad is: “It steals all Bitcoin (BTC) and Ethereum (ETH) coming in and out of a victim’s wallet through the clipboard, it also has plenty of features like the GUI/Panel which is just like a RAT [Remote Access Trojan].”
How Does WeSteal Work?
In fact, the way WeSteal works is simple. It scans the victim’s clipboard for strings that match wallet identifiers. When it finds one, it automatically replaces the copied wallet address with an attacker-controlled wallet. Once that is done, all cryptocurrency transfers land in the operator’s pocket.
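The substitution described above can be caught by comparing the address that was copied with what the clipboard holds at paste time. This is an added example, not code from the article or from Palo Alto Networks; the function names and sample addresses are constructed, and the patterns check address shape only, with no checksum validation.

```python
import re

# Shape-only patterns (assumption: no checksum validation is performed).
WALLET_PATTERNS = {
    "BTC": re.compile(r"(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})"),
    "ETH": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def wallet_type(text):
    """Return 'BTC', 'ETH' or None for a clipboard string."""
    value = text.strip()
    for name, pattern in WALLET_PATTERNS.items():
        if pattern.fullmatch(value):
            return name
    return None

def check_paste(copied, pasted):
    """Compare the address the user copied with the clipboard at paste time."""
    kind = wallet_type(copied)
    if kind is None:
        return "not-wallet"
    a, b = copied.strip(), pasted.strip()
    if kind == "ETH":  # hex addresses may differ only by checksum casing
        a, b = a.lower(), b.lower()
    if a == b:
        return "ok"
    # Same coin type but a different address is the clipper signature.
    return "swapped" if wallet_type(pasted) == kind else "changed"

def flag_swaps(events):
    """Return indices of (copied, pasted) pairs that look like a swap."""
    return [i for i, (c, p) in enumerate(events) if check_paste(c, p) == "swapped"]

# Constructed sample values (not real wallets).
BTC_A, BTC_B = "1" + "A" * 33, "1" + "B" * 33
ETH_A, ETH_B = "0x" + "a" * 40, "0x" + "b" * 40
EVENTS = [
    (BTC_A, BTC_A),                      # untouched paste
    (BTC_A, BTC_B),                      # BTC address replaced in the clipboard
    (ETH_A, "0x" + "A" * 40),            # same ETH address, different casing
    (ETH_A, ETH_B),                      # ETH address replaced in the clipboard
    ("meeting at 10", "meeting at 10"),  # not a wallet string
]

if __name__ == "__main__":
    print(flag_swaps(EVENTS))
```

A wallet or payment form can run the same comparison before submitting and ask the user to re-check the destination when the result is "swapped".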
And though the malware is considered a very effective tool for stealing cryptocurrency, one of the researchers can’t understand why users trust it. “WeSteal is a shameless piece of commodity malware with a single, illicit function. Its simplicity is matched by a likely simple effectiveness in the theft of cryptocurrency. It’s surprising that customers trust their “victims” to the potential control of the malware author, who no doubt could, in turn, usurp them, stealing the victim “bots” or replacing customers’ wallets [..] it’s also surprising the malware author would risk criminal prosecution for what must surely be a small amount of profit.”