March 06, 2025
ISLAMABAD: Netizens have been warned that hackers have become active in stealing cryptocurrency wallet data with the help of malware, The News reported on Thursday.
A virus named Leuma Stellar could steal login and browser information and cryptocurrency wallet data, which could then be sold on hacking forums.
The Pakistan Cyber Emergency Response Team, under the Cabinet Division, has issued an advisory, saying that the virus is spread using fake bot detection system images in PDF files. A large-scale phishing campaign has been identified through the bot detection system.
According to the advisory, attackers force users to download malicious PDFs by modifying search engines. The PDF files contain images of a fraudulent bot detection system. Clicking on the images redirects users to phishing websites.
These websites steal financial information or infect systems with malware.
The advisory states that the virus could also misuse the victims' internet access. The phishing campaign has affected users in the technology, financial services and manufacturing sectors.
The advisory recommends training in identifying malicious PDFs, monitoring fake websites and reporting fraudulent domains.
The advisory recommends that organisations regularly back up and verify recovery processes for important data, update all systems to prevent attacks, adopt a multi-factor authentication system and strengthen cybersecurity defences.
The warning comes days after it was revealed that Pakistani networks were facing security threats from companies providing cybersecurity and virtual private network (VPN) access.
Flaws have been identified in the networks of cybersecurity provider Palo Alto and SonicWall, the company that provides VPN access. There are fears of hackers accessing the networks used by these companies.
In January, the National Telecom and Information Technology Security Board warned of a new campaign of cyberattacks by hackers to steal users' personal information.
In the new types of cyberattacks, popular browsers are attacked to steal sensitive data. Fake techniques are used to send suspicious code, it said.
Websites like Facebook and banking websites are being used to steal personal information, the advisory read, urging users to update apps on a daily basis and install a licensed antivirus on their devices.