
A cryptocurrency called SpriteCoin promises high returns and when its software is installed it infects the computer with Ransomware and Malware, with a ransom of around $US100 in Monero coin.

The SpriteCoin ransomware is advertised on forums as a legitimate cryptocurrency to invest in. When the SpriteCoin is installed on your computer, however, it installs ransomware software and encrypts files. Such a social engineering attack is taking advantage of the recent hype surrounding Bitcoin investments.

The ransomware demands 0.3 Monero coins which is equivalent to around $US100. The software, however, installs additional malware even if the user pays the ransom. One of the targets of the malware is access to the victim’s webcam. The software consists of an exe file and has been targeting Windows operating systems.

The ransom is quite small in comparison to other ransomware demands in the past. The attack could be a proof-of-concept or pilot attack to test the waters for a much larger scam.

Spritecoin asks for ransom in Monero which isn’t the first time the alternate coin was used as payment for an attack. The switch from Bitcoin to Monero may exist because the Bitcoin hype has caused the currency to be slower and more costly.

SpriteCoin uses an embedded SQL engine which may be connected to a larger database management system. The system may be collecting details, such as credentials and other information, from the victim’s computer.

The attack initially looks for Chrome credentials and if this fails will move on to search for Firefox ones. The attack then encrypts files and adds a .encrypted file extension to the end of the files.

SpriteCoin is unique in that it uses a cryptocurrency wallet to disguise a ransomware and malware package. Ransomware usually uses phishing attacks through web or email, making SpriteCoin stand out from previous attacks. The key component of SpriteCoin, however, remains the same with a core social engineering attack.