Crypto Investors, Beware of Babadeda: It Is Undetectable!
If you are a crypto investor, NFT aficionado or DeFi enthusiast, this is a must-read for you. Babadeda is real.
A couple of days ago a new piece of malware was discovered. Babadeda is an undetectable malware installer. It allows blockchain thieves to breach Discord channels. Babadeda is capable of bypassing any antivirus solution and staging a variety of attacks.
The booming market of NFTs and crypto games was bound to be exploited at some point. And it seems like that is happening as of May 2021 (reported by Morphisec researchers). According to the researchers, this crypto-malware was used in several campaigns to deliver information stealers, RATs and ransomware like LockBit.
Because the malware is so good at evading antivirus solutions, it lets the hackers enter Discord channels without being detected, allowing Babadeda to begin its malicious campaign of stealing NFTs, DeFi assets and other digital tokens.
How Does Babadeda Work?
According to HackersNews, the new Babadeda malware installer works by encrypting its malicious code, which makes that code harder for antivirus solutions to detect. That is why it is also referred to as a crypter.
But that’s not all. The Babadeda crypter can also obfuscate and manipulate this code. Morphisec experts added that hackers use this new tool to send decoy messages to their targeted Discord channels.
Most of the attacks observed by the researchers that targeted crypto communities are based on the Discord platform. Threat actors shared download links via Discord channels.
In the campaign that we observed, a threat actor took advantage of these features in order to phish victims. The threat actor sent users a private message inviting them to download a related application that would supposedly grant the user access to new features and/or additional benefits. Because the actor created a Discord bot account on the official company discord channel, they were able to successfully impersonate the channel’s official account. – reads the report published by Morphisec
In one of the attacks the threat actor sent decoy messages to potential victims on Discord channels related to games such as “Mines of Dalarnia”. The message would ask the recipient to download an application, but the given link would redirect the user to a phishing domain that actually hosts a download link for the Babadeda installer.
Upon execution, the installer triggers an infection sequence: the malicious app decodes and loads the encrypted payload, which then harvests valuable information.
Why is Babadeda so efficient?
Well, first of all, this is a very sophisticated attack. It obscures its malicious code and is able to bypass any antivirus solution. But it also relies on trusted attack vectors, which is what gives its distributors such a fast-growing pool of potential victims.
When the victim’s machine has been exposed to the malware, it masquerades as a known application. Because every piece of malicious software uses a specific technique to deploy its attack, antivirus solutions use this fact to find malware on infected computers. This is known as signature-based detection. But because the malicious payload is encrypted, the antivirus has no way of triggering an alarm and notifying the user of a potential attack. So there is no way of knowing if Babadeda has invaded your PC, and no way of stopping it.
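To illustrate the detection problem described above, here is an added example (not code from the original article, Morphisec or the malware) that runs a toy signature scanner over a constructed sample payload, shows that the same signature no longer matches once the bytes are passed through an encryption layer, and adds a byte-entropy heuristic that flags the encrypted-looking blob anyway. The signature string, the payload text and the key are all constructed for this demonstration.

```python
import hashlib
import math
from collections import Counter

# Constructed stand-in for a malware byte signature. Real AV signatures are hashes or
# byte patterns taken from known samples; this string is hypothetical, not a Babadeda indicator.
KNOWN_SIGNATURE = b"HARVEST-WALLET-SEED-PHRASES"

# Constructed stand-in for a program that a signature scanner would normally catch.
PLAIN_PAYLOAD = (b"benign filler text standing in for ordinary program code; " + KNOWN_SIGNATURE) * 64


def signature_match(data: bytes, signature: bytes = KNOWN_SIGNATURE) -> bool:
    """Signature-based detection: report a hit if the known byte pattern appears in the data."""
    return signature in data


def keystream_transform(data: bytes, key: bytes) -> bytes:
    """Toy symmetric transform (SHA-256 counter-mode keystream XORed over the data) that models
    the crypter's encryption layer. Applying it twice with the same key restores the input."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block_key = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block_key))
    return bytes(out)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: text and ordinary code sit around 4-6, encrypted or compressed data nears 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(data: bytes, entropy_threshold: float = 7.2) -> dict:
    """Defender-side check: the signature verdict plus an entropy heuristic that flags
    encrypted-looking blobs the signature alone would miss (a cue for deeper analysis, not proof)."""
    ent = shannon_entropy(data)
    return {"signature_hit": signature_match(data),
            "entropy": round(ent, 2),
            "high_entropy": ent >= entropy_threshold}


if __name__ == "__main__":
    encrypted = keystream_transform(PLAIN_PAYLOAD, b"constructed-demo-key")
    print("plain    :", triage(PLAIN_PAYLOAD))  # signature hit, low entropy
    print("encrypted:", triage(encrypted))      # no signature hit, high entropy
```

High entropy alone is not a verdict (compressed installers and media files look the same), which is why real products pair such heuristics with behavioural monitoring of what the decoded payload does after it is loaded.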
Where did Babadeda originate?
Because of the Russian language displayed on one of the phishing sites, the Morphisec researchers attribute these attacks to a threat actor from a Russian-speaking country. Currently there are 84 malicious domains, created between July 24, 2021 and November 17, 2021.
What to do if Your Crypto Tokens were Stolen
Because of its rapid growth, attackers are targeting the crypto industry. Once you have been exposed to Babadeda, you need to do the following:
- Contact your crypto company’s customer service and notify them about it. Take action immediately; this just might save you from losing the tokens.
- Change your password right away. By changing your password you can rest assured there won’t be further thefts.