Cybercriminals have set up a fake download page for the DirectX 12 graphics API in order to spread malware. The malware targets cryptocurrencies and other user data, which it collects and sends to a server.
This was discovered by the security researcher Oliver Hough. The fake page can be reached at the URL “directx12download.com” and has a contact form, a disclaimer, and copyright and privacy notices. Because of this, many users might think that it is a legitimate download site. When the user clicks on the buttons, they are referred to an external page.
DirectX 12 is included in Windows 10
Since DirectX is software written by Microsoft, the program should only be obtained from the Redmond-based company's servers. The graphics API is included as standard in all modern Windows installations, so a manual download is no longer necessary.
Anyone who tries to obtain DirectX 12 from third-party websites is putting their computer at considerable risk. After the files provided on the fake site have been downloaded and executed, malware is installed on the PC. The program accesses the user’s cookies, files, and system information. A list of the installed applications and screenshots of the desktop are also collected.
However, the malware is likely to hit hardest those users who have cryptocurrency wallets stored on their computers. The malware tries to access the Ledger Live, Waves.Exchange, Coinomi, Electrum, Electron Cash, BTCP Electrum, Jaxx, Exodus, MultiBit HD, Atomic, and Monero client services. The collected data is stored in a folder in the “%Temp%” directory and sent in the form of a zip archive to a server, where it can then be evaluated by the malware author.
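The staging behaviour described above (wallet data read, then a zip archive written under “%Temp%”) can be hunted for in endpoint file telemetry. The following is an added example, not code from the article or the researcher; the event tuple format, the wallet folder fragments, the client executable names, the time window and all sample events are assumptions constructed for illustration.

```python
import ntpath

# Wallet names come from the article; the folder fragments and client
# executable names below are assumptions to verify against real installs.
WALLET_DIRS = {
    "Electrum": r"\appdata\roaming\electrum\wallets",
    "Exodus": r"\appdata\roaming\exodus",
    "Atomic": r"\appdata\roaming\atomic",
}
WALLET_CLIENTS = {"electrum.exe", "exodus.exe", "atomic wallet.exe"}
TEMP_FRAGMENT = r"\appdata\local\temp" + "\\"
WINDOW_SECONDS = 300  # assumed maximum gap between wallet read and archive


def wallet_for(path):
    """Return the wallet whose data folder contains path, or None."""
    padded = path.lower() + "\\"
    for name, fragment in WALLET_DIRS.items():
        if fragment + "\\" in padded:
            return name
    return None


def find_staging(events):
    """Flag processes that read wallet data, then create a zip under %Temp%."""
    touched = {}  # pid -> {wallet name: time of first read}
    findings = []
    for time, pid, image, action, target in sorted(events):
        if action == "read":
            wallet = wallet_for(target)
            # The wallet's own client reading its data is expected behaviour.
            if wallet and ntpath.basename(image).lower() not in WALLET_CLIENTS:
                touched.setdefault(pid, {}).setdefault(wallet, time)
        elif action == "create" and TEMP_FRAGMENT in target.lower() and target.lower().endswith(".zip"):
            recent = sorted(w for w, t in touched.get(pid, {}).items()
                            if time - t <= WINDOW_SECONDS)
            if recent:
                findings.append({"pid": pid, "image": image,
                                 "wallets": recent, "archive": target})
    return findings

# Constructed sample events: (time in s, pid, image, action, target).
A = r"C:\Users\alice\AppData"
SAMPLE_EVENTS = [
    (10, 4100, r"C:\Program Files\Electrum\electrum.exe", "read", A + r"\Roaming\Electrum\wallets\default_wallet"),
    (20, 5200, A + r"\Local\Temp\sample_setup.exe", "read", A + r"\Roaming\Electrum\wallets\default_wallet"),
    (22, 5200, A + r"\Local\Temp\sample_setup.exe", "read", A + r"\Roaming\Exodus\exodus.wallet\seed.seco"),
    (40, 5200, A + r"\Local\Temp\sample_setup.exe", "create", A + r"\Local\Temp\stage\out.zip"),
    (50, 6300, r"C:\Program Files\7-Zip\7z.exe", "create", A + r"\Local\Temp\backup.zip"),
]
```

Calling `find_staging(SAMPLE_EVENTS)` flags only pid 5200: the wallet client reading its own data and the archiver that never touched wallet folders are not reported.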