Crypto is gaining traction worldwide. Unfortunately, that growth also brings new ways of disrupting the community: hacks, thefts, and botnets. Recently, Check Point Research (CPR) spotted a botnet variant that has stolen half a million dollars’ worth of crypto: Twizt.
Twizt is a descendant of Phorpiex, a botnet well known for extortion campaigns. The Phorpiex worms spread via removable USB drives and instant messaging apps, and over time they became more resilient and delivered more dangerous payloads.
Twizt, by contrast, steals crypto during transactions by substituting the intended wallet address with the threat actor’s wallet address. Twizt uses this technique, called “crypto clipping”, to evade security mechanisms. But what exactly is “crypto clipping”?
Crypto clipping is the theft of crypto during transactions by malware that automatically substitutes the intended wallet address with the threat actor’s wallet address.
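As an added example (not code from Check Point Research or from the Twizt malware), the following Python script shows what the substitution described above looks like from the defender’s side. Crypto clippers typically perform the swap while the address passes through the system clipboard; the page does not state this, so the script treats it as an assumption. It replays a constructed clipboard history and flags the trace a clipper leaves: a wallet address is replaced, within a fraction of a second, by a different address of the same family. The address patterns, the `detect_clipping` heuristic, the 0.5 s window and the sample addresses are all assumptions made for the example; the addresses are placeholders, not real wallets.

```python
"""Clipboard-substitution ("crypto clipping") detector.

Added example, not Check Point's or Twizt's code. It replays a constructed
clipboard history and flags the pattern a clipper leaves behind: a wallet
address written to the clipboard is replaced, within a very short window,
by a different address of the same family. The address regexes are
simplified assumptions covering only Bitcoin and Ethereum formats.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Simplified address patterns (assumption: enough to classify, not to fully validate).
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"^(?:bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify_address(text: str) -> Optional[str]:
    """Return the address family of `text`, or None if it is not a wallet address."""
    text = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return family
    return None


@dataclass(frozen=True)
class ClipboardEvent:
    timestamp: float  # seconds since monitoring started
    content: str      # clipboard text after the write


@dataclass(frozen=True)
class ClippingAlert:
    timestamp: float
    family: str
    original: str
    substituted: str


def detect_clipping(events: List[ClipboardEvent], window: float = 0.5) -> List[ClippingAlert]:
    """Flag consecutive clipboard writes where one wallet address is swapped for
    another of the same family within `window` seconds (heuristic assumption:
    a person rarely copies two different addresses that fast, a clipper does
    it in milliseconds). Writes that are not addresses, swaps across families
    and slow changes are treated as normal use."""
    alerts: List[ClippingAlert] = []
    for prev, cur in zip(events, events[1:]):
        fam_prev = classify_address(prev.content)
        fam_cur = classify_address(cur.content)
        if fam_prev is None or fam_prev != fam_cur:
            continue
        if prev.content.strip() == cur.content.strip():
            continue
        if cur.timestamp - prev.timestamp <= window:
            alerts.append(ClippingAlert(cur.timestamp, fam_cur,
                                        prev.content.strip(), cur.content.strip()))
    return alerts


def paste_matches_intent(intended: str, pasted: str) -> bool:
    """User-side check before sending: the pasted address must equal the one
    the user actually copied, compared in full rather than by prefix only."""
    return intended.strip() == pasted.strip()


# Constructed sample history; every address is a placeholder, not a real wallet.
SAMPLE_EVENTS = [
    ClipboardEvent(0.00, "meeting notes"),
    ClipboardEvent(1.00, "1" + "A" * 33),     # user copies a Bitcoin address
    ClipboardEvent(1.05, "1" + "B" * 33),     # swapped 50 ms later: clipper behaviour
    ClipboardEvent(10.00, "0x" + "a" * 40),   # user copies an Ethereum address
    ClipboardEvent(10.02, "0x" + "b" * 40),   # swapped 20 ms later
    ClipboardEvent(20.00, "bc1" + "q" * 30),  # user copies a bech32 address
    ClipboardEvent(30.00, "bc1" + "p" * 30),  # different address 10 s later: normal use
    ClipboardEvent(30.10, "0x" + "c" * 40),   # different family within window: not a swap
]


if __name__ == "__main__":
    for alert in detect_clipping(SAMPLE_EVENTS):
        print(f"t={alert.timestamp:.2f}s {alert.family}: "
              f"{alert.original} -> {alert.substituted}")
```

Run it as a script to see the two flagged swaps. On a real host the event list would come from a clipboard-change hook; the heuristic is deliberately narrow (same family, sub-second, different value) to keep false positives low, and `paste_matches_intent` is the complementary check a wallet front end can make before signing a transaction.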
Over the past 12 months, the botnet has stolen around 3.64 Bitcoin ($177,304), 55.87 Ether ($227,837), and $55,000 in ERC20 tokens. Most of its victims reside in Ethiopia, Nigeria, and India.
What is interesting about Twizt is that it uses a peer-to-peer model: it receives commands and updates from thousands of other infected machines, which makes it hard to track and disrupt. Twizt can also evade security mechanisms such as firewalls. Finally, the botnet can target more than 30 different types of crypto, including Bitcoin, Ethereum, Dash, and Monero.