Monday, November 27, 2023

Clicker Beware: New Study Reveals the Crypto Search Terms and URLs Most Likely to Contain Malware

The world of cryptocurrency has been a rollercoaster of fortunes and misfortunes, attracting both seasoned investors and newcomers eager for quick riches.

To navigate this landscape, investors must stay vigilant and understand the risks beyond investing. And they include the threat from hackers and criminals. These bad actors are always looking for ways to exploit, deceive, and ensnare crypto enthusiasts. One method involves loading URLs from search results of popular crypto terms with malware and other malicious programs. Oneclick, and the hackers are in your system.

CoinKickOff decided to investigate this very real threat. Its researchers analysed 28,000+ URLs to see which crypto terms most commonly lead to malware or other security risks. They then put all the findings into charts and tables, creating valuable resources to help you avoid these dangerous links.

Here's a full breakdown of the study.

Hackers Targeting Altcoin Investors

Altcoins can yield huge profits if you pick the right coin at the right time. In the frenzy of the crypto bull markets, these coins can surge by thousands of percentage points, turning a few dollars into serious profits.

But what goes up must always come down. And in the crypto world, that comedown crash can wipe out all your gains in seconds.

The get-rich-quick potential of altcoin investments tends to attract a younger, less experienced type of investor. Many have little to no experience with financial products, making them ripe targets for hackers and scammers who circle like sharks.

So it should be no surprise to hear that the most dangerous URLs loaded with potential malware include references to altcoins and altcoin projects.

The CoinKickoff research team found severe red flags in search results for Stellar, a cryptocurrency designed for fast and low-cost cross-border transactions. They contained the highest number of potential malware links. Almost 4 out of 10 (38%) showed signs of malware or ransomware; that's the highest percentage found in the entire study.

Other terms to avoid when researching altcoins online include Aave (36%), Cronos (32%), Tron (30%), and The Graph (29%).

Crypto Wallet Links Hiding Malware

Cybercriminals are a persistent and diligent bunch. They look for (and exploit) every possible opportunity to steal our data and sneak nasty programs onto our devices.

The hacker targeting crypto enthusiasts is no different. They're seeking malware on any crypto-related links, including those in search results for crypto wallets.

Crypto wallets are pretty self-explanatory. A crypto wallet allows individuals to securely store, send, and receive cryptocurrencies like Bitcoin and Ethereum. It consists of a private key for accessing and managing the user's cryptocurrency holdings and a public address for receiving funds.

Crypto wallets allow users to take (virtual) custody of their coins, instead of leaving them on exchanges. Think of exchanges like a bank and a crypto wallet as your personal vault in the basement, with a secret code only you know.

This idea of self-custody is a big deal in the crypto community, especially for the libertarian types who distrust banks, financial institutions, and governments.

But not all wallets are created equal, and not all online searches for wallets are safe.

Proceed with (extreme) caution if you're researching Jaxx Liberty wallets. CoinKickoff found that clicking on nearly 47% of URLs mentioning the wallet could turn you into a cyber hacker's next victim.

Cybercriminals are also hiding malware in URLs mentioning Digifox, Staked Wallet, and Xapo Wallet.

"Bad" Crypto Exchange URLs

Let's turn our attention to the cryptocurrency exchange search terms to avoid.

Cryptocurrency exchanges are online platforms that facilitate the buying, selling, and trading of cryptocurrencies. They serve as intermediaries connecting buyers and sellers of cryptocurrencies and provide a marketplace for users to exchange one cryptocurrency for another or fiat currency.

There are an estimated 504 cryptocurrency exchanges to choose from, and search for.

When deciding where to buy your Bitcoin, it's best to avoid researching exchanges like Coinsbit, Latoken, MEXC, and BTCEX. Around 40% of search results for these crypto exchanges contain links that you wish you'd never clicked on.

Instead, stick to the more established players, like Coinbase and Kraken. Neither exchange features in the study, suggesting that the majority of Coinbase/Kraken search results are malware-free.

Malicious Metaverse Links

Next up, the CoinKickOff team looked at the number of malicious links disguised in URLs from popular Metaverse search terms.

Biswap has the dubious honour of coming out on top in this chart. Clicking on Biswap links will take you into an expansive online metaverse ecosystem featuring trading opportunities, NFT platforms, gaming, and virtual marketing spaces.

However, over 40% of these links (42.70%, to be exact) could load up your device or PC with a malware program.

There was also a high percentage of nasty links within search results of other native metaverse tokens, including Efinity Token, Ethernity Chain, and RichQUACK.

The Dangers Lurking within NFT Links

The lack of regulation (and security) within the Non-Fungible Token (NFT) space is a cybercriminal's dream. The NFT ecosystem is anonymous, offers zero consumer protection, and runs on transactions that are 100% irreversible. It's the definition of what some critics have called the "Wild West" economy of digital assets.

And it explains why so many NFT URL search results are loaded with malware designed to steal digital loot from holders.

Searches for Dreadfulz NFTs contain the most danger. CoinKickOff researchers found evidence suggesting that more than 1 in 2 links that come up (51.92%) should never be clicked.

Crypto Mining Links

CoinKickOff rounded off the study with a look at links related to searches for crypto mining software. Crypto mining is the engine of the industry. It’s the complex process of creating new cryptocurrency units and verifying transactions on a blockchain network.

It requires some serious hardware. Miners also need the right software. And this is where the danger lurks for miners or aspiring miners. Searches for several popular forms of mining software, including Hashgains, Startminer, Hashflare, and Etherpool's network, bring up a high number of URLs which may be disguising malware.

But the biggest threat is hiding within searches for OXBTC, a cloud mining software platform. Half of all its search links contain red flags suggesting the presence of malware.

How to Avoid Malware

If you still want to invest in crypto, then you need to do your research. And you need to know how to avoid downloading malware. You can significantly reduce your risk by:
  • Using Reputable Sources: Stick to well-known and trusted websites, forums, and communities for cryptocurrency information.
  • Checking for Phishing Sites: Double-check website URLs for accuracy to avoid phishing sites that mimic legitimate cryptocurrency platforms.
  • Verifying Software Sources: Only download cryptocurrency-related software from official websites or app stores to avoid fake or malicious versions.
  • Keeping Software Updated: Ensure your cryptocurrency wallets and software are updated with the latest security patches.
  • Using Security Software: Install reputable antivirus and anti-malware software to provide additional protection.
  • Enabling Two-Factor Authentication (2FA): Implement 2FA wherever possible to enhance the security of your cryptocurrency accounts.
  • Avoiding Clicking on Suspicious Links: Be cautious when clicking on links in emails or social media, especially if they promise unrealistically high returns or demand urgent action.
Stay safe out there. And good luck!







Read next: The Hidden Cost of Convenience: New Study Exposes the Most Data-Hungry Personal Finance Apps
by Irfan Ahmad via Digital Information World

No comments:

Post a Comment