{"id":10283,"date":"2018-02-02T09:00:25","date_gmt":"2018-02-02T14:00:25","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=10283"},"modified":"2020-02-26T19:00:04","modified_gmt":"2020-02-26T15:00:04","slug":"spritecoin-fraud","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/spritecoin-fraud\/10283\/","title":{"rendered":"Selling cryptocastles in the sky"},"content":{"rendered":"<p>From mid-January to mid-December of 2017, the price of Bitcoin jumped more than twentyfold, peaking at nearly $20,000 per coin. Fellow cryptocurrencies Ethereum and Monero haven\u2019t reached that level, but their relative growth was even more impressive. As usual, <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/bitcoin-why-so-expensive\/\" rel=\"noopener noreferrer nofollow\">many are lured<\/a> by the prospect of making a fast buck on the back of this new gold rush.<\/p>\n<p>Ordinary users are mining virtual coins or buying up cryptocurrencies on online exchanges in the hope of a major windfall, and cybercrooks are coming up with all kinds of devious scams. We\u2019ve already <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/crypto-phishing\/19495\/\" rel=\"noopener noreferrer nofollow\">discussed<\/a> several traps that cryptocurrency enthusiasts will want to avoid. Recently, researchers <a target=\"_blank\" href=\"https:\/\/www.helpnetsecurity.com\/2018\/01\/23\/fake-cryptocurrency-wallet-carries-ransomware\/\" rel=\"noopener noreferrer nofollow\">discovered<\/a> a new scheme involving the use of ransomware masquerading as an e-wallet for a <em>nonexistent<\/em> \u2014 seriously, imaginary \u2014 cryptocurrency.<a href=\"https:\/\/me-en.kaspersky.com\/blog\/files\/2018\/03\/spritecoin-fraud-featured.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/me-en.kaspersky.com\/blog\/files\/2018\/03\/spritecoin-fraud-featured-1024x672.jpg\" alt=\"\" width=\"1024\" height=\"672\" class=\"aligncenter size-large wp-image-10284\"><\/a><\/p>\n<p><strong><\/strong><\/p>\n<h2>How does that work?<\/h2>\n<p><\/p>\n<p>First of all, we should note that the list of cryptocurrencies is not limited to Bitcoin, Monero, and Ethereum: The website Coinmarketcap, for example, <a target=\"_blank\" href=\"https:\/\/coinmarketcap.com\/\" rel=\"noopener noreferrer nofollow\">lists<\/a> almost 1,500 varieties of online-only money. Related forums are abuzz with talk about which exotic little coin will be the next to soar.<\/p>\n<p>Swindlers are exploiting the clamor, luring people to download wallets for SpriteCoin, supposedly the next big thing in the world of crypto. But a simple search shows that Google knows nothing about it (or rather, the only information you can find on SpriteCoin is about this very fraud), but it seems some cryptoinvestors aren\u2019t slowing down long enough to hit up Google for information.<\/p>\n<p>The SpriteCoin pseudo-e-wallet takes a while to reveal its true colors. First, it prompts the user to create a password, and then it does a good impression of downloading blockchain components. This does not arouse suspicion; any so called \u201cthick\u201d e-wallet, when first launched, synchronizes with its network and downloads the cryptocurrency\u2019s entire blockchain to become a valid member of the blockchain.<\/p>\n<p>In the case of SpriteCoin wallets, however, the progress bar isn\u2019t counting down a useful download but rather files being encrypted on the victim\u2019s computer. The malicious wallet adds the extension .encrypted to the encrypted files and, if it receives the command, even deletes <a target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Shadow_Copy\" rel=\"noopener noreferrer nofollow\">Windows shadow copies<\/a> so that the user cannot repair the affected files. In addition to that, the malware sends any logins and passwords stored in Firefox and Chrome straight to the criminals. The data is exchanged through the Tor network, letting the scammers remain anonymous.<\/p>\n<p>Thereafter, it\u2019s textbook: Files are encrypted and an on-screen window displays a demand for 0.3 Monero (about $100 as of today). Unlike SpriteCoin, Monero is real and is starting to replace Bitcoin as the go-to currency for criminals because it offers a higher level of anonymity. The crooks don\u2019t threaten to destroy the files but instead say that the data will remain inaccessible if the victim doesn\u2019t pay. If the malware, also known as <a target=\"_blank\" href=\"https:\/\/sensorstechforum.com\/remove-moneropay-virus-spritecoin-restore-encrypted-files\/\" rel=\"noopener noreferrer nofollow\">MoneroPay<\/a>, receives the command to remove shadow copies, this threat will most likely become reality.<\/p>\n<p>But even if the user caves, their troubles do not end there. The decryption key they receive comes with a second piece of malware that spies through their webcam, steals digital security certificates, and does other unpleasant things.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kis-trial-ransomware\">\n<p><strong><\/strong><\/p>\n<h3>How to guard against SpriteCoin<\/h3>\n<p> <\/p>\n<ol>\n<li><strong> Do a little research. <\/strong>Before taking advantage of a great-looking offer on the advice of an online acquaintance, at least find out what it\u2019s all about. Think before you take the plunge. Most \u201ctoo great to be true\u201d offers are great only for the other party.<\/li>\n<li><strong> Make regular backup<\/strong><strong>s.<\/strong> You might not feel like it, but safe is better than sorry. Besides, there are <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/how-to-backup\/18914\/\" rel=\"noopener noreferrer nofollow\">lots<\/a> of backup methods these days, so you can choose the one that best fits your routine.<\/li>\n<li><strong> Take preemptive action.<\/strong> <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/advert\/multi-device-security?redef=1&amp;THRU&amp;reseller=gl_socmed_pro_ona_smm__onl_b2c_kasperskydaily_lnk____kismd___\" rel=\"noopener noreferrer nofollow\">A good antivirus solution<\/a> will protect you against both the initial Trojan and whatever arrives on its coattails. But keep in mind that the best (and sometimes the only) security against many other <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/cryptocurrencies-intended-risks\/19136\/\" rel=\"noopener noreferrer nofollow\">threats on the cryptocurrency market<\/a> is your own vigilance.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>The cryptomining boom is helping scammers make money out of thin air. The latest method involves fake currency and ransomware.<\/p>\n","protected":false},"author":2484,"featured_media":10284,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1486],"tags":[374,1308,1505,1638,1201,80,1012,433,1144,521],"class_list":{"0":"post-10283","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-bitcoin","9":"tag-blockchain","10":"tag-cryptocurrencies","11":"tag-cryptophishing","12":"tag-cryptors","13":"tag-fraud","14":"tag-internet","15":"tag-ransomware","16":"tag-technologies","17":"tag-threats"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/spritecoin-fraud\/10283\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/spritecoin-fraud\/12412\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/spritecoin-fraud\/14573\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/spritecoin-fraud\/12811\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/spritecoin-fraud\/12399\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/spritecoin-fraud\/15224\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/spritecoin-fraud\/14982\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/spritecoin-fraud\/19583\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/spritecoin-fraud\/20972\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/spritecoin-fraud\/15798\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/spritecoin-fraud\/9276\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/spritecoin-fraud\/19401\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/spritecoin-fraud\/19513\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/spritecoin-fraud\/19516\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/ransomware\/","name":"ransomware"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10283","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2484"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=10283"}],"version-history":[{"count":4,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10283\/revisions"}],"predecessor-version":[{"id":16045,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10283\/revisions\/16045"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/10284"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=10283"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=10283"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=10283"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}