BleepingComputer reports that a fake Microsoft DirectX 12 download page is spreading cryptocurrency-stealing malware.
The fake website comes with a disclaimer, a DMCA infringement page, a contact form and a privacy policy, which makes it appear legitimate. However, upon clicking the download button, users are sent to an external page that instructs them to download a file named either 6083040a__Disclaimer.zip or 6080b4_DirectX-12-Down.zip, depending on whether the 32-bit or 64-bit version is chosen. Both files will attempt to steal the victim’s passwords, files and cryptocurrency wallets, including those for Atomic, Coinomi, Electron Cash, Jaxx and Ledger Live.
This information-stealing malware will try to steal the user’s cookies, list of installed programs, system information and files, and will even take a screenshot of the victim’s desktop. The collected data is gathered in a folder under %Temp%, zipped, and sent back to the attacker, where it may be used for further malicious activity.
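The stage-then-exfiltrate pattern described above (sensitive files copied into %Temp%, archived, then an outbound connection from the same process) is something endpoint telemetry can surface. The following is an added example, not code from BleepingComputer or from any named product: it correlates constructed endpoint events per process and flags one that reads wallet or cookie data, writes an archive under %Temp%, and then opens a network connection within a short window. The event schema, the file paths and the destination address are all constructed for the example; only the wallet names come from the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Matches paths under the per-user Temp directory (Windows layout; constructed for this example).
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# Archive formats a stealer typically uses to bundle staged data before sending it.
ARCHIVE_RE = re.compile(r"\.(zip|7z|rar)$", re.IGNORECASE)
# Wallet names are those named in the report; "Cookies" and "screenshot" cover the other data it collects.
SENSITIVE_RE = re.compile(
    r"(Atomic|Coinomi|Electron Cash|Jaxx|Ledger Live|\\Cookies$|screenshot)", re.IGNORECASE
)


@dataclass
class Event:
    ts: float        # seconds; any monotonic clock from the sensor
    pid: int
    process: str
    kind: str        # "file_read" | "file_write" | "net_connect"
    target: str      # file path for file events, "host:port" for net_connect


def detect_staging_exfil(events: List[Event], window: float = 300.0) -> List[dict]:
    """Return one finding per process that stages files in %Temp%, archives them,
    and connects out within `window` seconds of writing the archive."""
    by_pid: Dict[int, List[Event]] = {}
    for e in sorted(events, key=lambda e: e.ts):
        by_pid.setdefault(e.pid, []).append(e)

    findings = []
    for pid, evs in by_pid.items():
        temp_writes = [e for e in evs if e.kind == "file_write" and TEMP_RE.search(e.target)]
        archives = [e for e in temp_writes if ARCHIVE_RE.search(e.target)]
        touched_sensitive = any(
            e.kind in ("file_read", "file_write") and SENSITIVE_RE.search(e.target) for e in evs
        )
        for archive in archives:
            # Files dropped under %Temp% before the archive was written: the staging step.
            staged = [w for w in temp_writes if w.ts < archive.ts and not ARCHIVE_RE.search(w.target)]
            # Outbound connections shortly after the archive appears: the exfiltration step.
            conns = [c for c in evs if c.kind == "net_connect" and archive.ts <= c.ts <= archive.ts + window]
            if staged and conns:
                findings.append({
                    "pid": pid,
                    "process": evs[0].process,
                    "archive": archive.target,
                    "staged_count": len(staged),
                    "connections": [c.target for c in conns],
                    # Reading wallet/cookie data raises the severity; staging alone is only suspicious.
                    "severity": "high" if touched_sensitive else "medium",
                })
    return findings


# Constructed sample telemetry: one stealer-like process, one benign archiver, one unrelated browser.
SAMPLE_EVENTS = [
    Event(10, 4242, "DirectX-12-Down.exe", "file_read",
          r"C:\Users\alice\AppData\Roaming\Electron Cash\wallets\default_wallet"),
    Event(11, 4242, "DirectX-12-Down.exe", "file_read",
          r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies"),
    Event(12, 4242, "DirectX-12-Down.exe", "file_write",
          r"C:\Users\alice\AppData\Local\Temp\a1b2\wallets\electron_cash.dat"),
    Event(13, 4242, "DirectX-12-Down.exe", "file_write",
          r"C:\Users\alice\AppData\Local\Temp\a1b2\screenshot.png"),
    Event(15, 4242, "DirectX-12-Down.exe", "file_write",
          r"C:\Users\alice\AppData\Local\Temp\a1b2.zip"),
    Event(16, 4242, "DirectX-12-Down.exe", "net_connect", "203.0.113.45:443"),
    # Benign: a user zipping notes in Temp, with no network activity from that process.
    Event(20, 777, "7zFM.exe", "file_write", r"C:\Users\alice\AppData\Local\Temp\build\notes.txt"),
    Event(21, 777, "7zFM.exe", "file_write", r"C:\Users\alice\AppData\Local\Temp\build.zip"),
    # Unrelated process making a connection; a different pid, so it is not correlated.
    Event(17, 900, "chrome.exe", "net_connect", "198.51.100.7:443"),
]

if __name__ == "__main__":
    for f in detect_staging_exfil(SAMPLE_EVENTS):
        print(f)
```

Correlating by process id is what keeps the benign archiver and the browser's own connection from firing; in a real deployment the same logic runs over Sysmon or EDR file and network events, and the `SENSITIVE_RE` list is the place to add the wallet and browser profile paths that matter in your environment.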