Criminals play on cryptocurrency hype with fake coin launch

'SpriteCoin' installs ransomware into victims' systems - and then installs more malware when they pay

The hype around cryptocurrencies has never been higher. Bitcoin climbed more than 1,000 per cent in value last year, and other coins like Ethereum rose, too. Investors are pushing to have the chance to put their money into blockchain; and cybercriminals are well aware.

Researchers at Fortinet have found a new threat called ‘SpriteCoin', billed as ‘[the] new cryptocurrency written entirely in JavaScript' - but it hides a nasty secret.

Potential buyers are urged to download a wallet to access the currency. This, in the form of an .exe file, is actually ransomware that encrypts files under the guise of downloading the blockchain that ‘SpriteCoin' is supposedly built on.

It's not only the computer that is locked; the malware also harvests the user's Chrome and Firefox browser credentials, storing them using an embedded SQLite engine. They are then sent to the attackers' Tor website using POST requests.

Victims are somewhat ironically told to pay using the Monero cryptocurrency to have their files unlocked: 0.3 Monero, currently worth about £65.

The malware stresses that users will get their files back if they pay - and of course, you can trust criminals.

Instead of their files, victims who pay instead receive fresh malware (‘W32/Generic!tr'), which could leave them even more at risk. The second programme can activate webcams, harvest certificates and parse images.

Like most ransomware, SpriteCoin is delivered through social engineering techniques, although it differs in using forum links rather than email scams.

Fortinet believes that the ransomware is not about the money, but is focused on testing new payload delivery mechanisms. "This is very similar to when attackers would test to see how effective or fast a worm would spread before really launching it. This could be the same concept," senior security researcher Tony Giandomenico told ZDNet.