The BABADEDA Crypter – an Emerging Crypter targeting the Crypto, NFT, and DeFi communities


The cryptocurrency market is now worth more than $2.5 trillion. Unfortunately, this fact is not lost on threat actors. As well as using cryptocurrency themselves to extract ransoms, cybercriminals are now also tailoring malware to exploit the booming market for NFTs and crypto games. In a discovery of critical importance to anyone familiar with this space, Morphisec Labs has encountered a new campaign of malware targeting cryptocurrency enthusiasts through Discord.

Crucially, the crypter that this campaign deploys, which we have termed Babadeda (a Russian language placeholder used by the crypter itself which translates to “Grandma-Grandpa”), is able to bypass signature-based antivirus solutions. Although some variants of this crypter have been noted by other vendors, Morphisec is the first to fully disclose how it works.

For victims, this makes infections highly likely — and dangerous. We know that this malware installer has been used in a variety of recent campaigns to deliver information stealers, RATs, and even LockBit ransomware. Fortunately, however, even as the threat level for cryptocurrency users rises, we also know that Morphisec’s Moving Target Defense technology is capable of both seeing and stopping Babadeda.

In this blog post, we will explore how Babadeda is being delivered, what an in-depth technical analysis of this malware tells us about it, and how it can be stopped.

*** This is a Security Bloggers Network syndicated blog from Morphisec Breach Prevention Blog authored by Hido Cohen & Arnold Osipov. Read the original post at: https://blog.morphisec.com/the-babadeda-crypter-targeting-crypto-nft-defi-communities