Go Back   Carder.life > [en] International Forum > Carding News
Reload this Page Fake Microsoft DirectX 12 site pushes crypto-stealing malware

CARDER.MARKET - CARDING FORUM FOR PROFESSIONAL CARDERS


 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 04-20-2025, 07:20 AM
Artifact's Avatar

Artifact Artifact is offline
Administrator
Join Date: Jan 2024
Posts: 0
Default


Cybercriminals have created a fake Microsoft DirectX 12 download page to distribute malware that steals your cryptocurrency wallets and passwords.
Even though the site comes complete with a contact form, privacy policy, a disclaimer, and a DMCA infringement page, there is nothing legitimate about the website or the programs it distributes.

Fake Microsoft DirectX 12 download page
When users click on the Download buttons, they will be redirected to an external page that prompts them to download a file. Depending on whether you click on the 32-bit or 64-bit version, you will be offered a file named '6080b4_DirectX-12-Down.zip' [VirusTotal] or '6083040a__Disclaimer.zip' [VirusTotal].
What both of these files have in common is that they lead to malware that tries to steal victims' files, passwords, and cryptocurrency wallets.
First discovered by security researcher Oliver Hough, when the fake DirectX 12 installers are launched, they will quietly download malware from a remote site and execute it
This malware is an information-stealing malware that attempts to harvest a victim's cookies, files, information about the system, installed programs, and even a screenshot of the current desktop.

Harvesting data from the infected computer
With the cryptocurrency craze in full swing, the malware developers also attempt to steal a wide variety of cryptocurrency wallets for Windows software, such as Ledger Live, Waves.Exchange, Coinomi, Electrum, Electron Cash, BTCP Electrum, Jaxx, Exodus, MultiBit HD, Aomtic, and Monero.

Stealing cryptocurrency wallets
All of the data is collected into a %Temp% folder, which the malware will zip up and send back to the attacker. The attack can then analyze the data and use it for other malicious activities.
Threat actors are increasingly creating fake websites, and in many cases far more convincing websites, to distribute malware.
In the past, BleepingComputer has reported on malware distributors creating fake sites promoting ProtonVPN, Windows system cleaners, and BleachBit that push password-stealing Trojans on unsuspecting visitors.
With the web continuing to be the wild west, it is vital to take a paranoid approach to download software and only install software from trusted sites or the developer's site.
As DirectX is a Microsoft feature, it makes sense that you should only install it from Microsoft and that downloading it from anywhere else can likely lead you to trouble.
 

Tags
NULL

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump




All times are GMT. The time now is 01:50 PM.

Contact Us - Carder.life - Archive - Top