
A new malware campaign has been discovered targeting cryptocurrency, non-fungible token (NFT), and DeFi aficionados through Discord channels to deploy a crypter named “Babadeda” that’s capable of bypassing antivirus solutions and staging a variety of attacks.

“[T]his malware installer has been used in a variety of recent campaigns to deliver information stealers, RATs, and even LockBit ransomware,” Morphisec researchers said in a report published this week. The malware distribution attacks are said to have commenced in May 2021.

Crypters are a type of software used by cybercriminals that can encrypt, obfuscate, and manipulate malicious code so that it appears innocuous and is harder for security programs to detect, a holy grail for malware authors.

The infiltrations observed by Morphisec involved the threat actor sending decoy messages to prospective users on Discord channels related to blockchain-based games such as Mines of Dalarnia, urging them to download an application. Should a victim click a URL embedded within the message, the individual is directed to a phishing domain that is designed to resemble the game’s legitimate website and includes a link to a malicious installer containing the Babadeda crypter.
