Trojan.CryptoStealer.Go

Short bio

Trojan.CryptoStealer.Go is Malwarebytes’ generic detection name for a Trojan that searches the affected system for cryptocurrency wallets and is written in the programming language GoLang.

Type and source of infection

Trojan.CryptoStealer.Go searches in several folders on an affected machine for cryptocurrency wallets. Once the search is complete the stealer zips it all into one package and uploads the stolen data to a C&C server. Some of these Trojans also search browser cookies for financial transactions data.
Trojan.CryptoStealer.Go is often downloaded and installed by users themselves under false pretences. For example as CryptoMiners.

Protection

Malwarebytes protects users from Trojan.CryptoStealer.Go by using real-time protection.

block Trojan.CryptoStealer.Go

Malwarebytes blocks Trojan.CryptoStealer.Go

Remediation

Malwarebytes can detect and remove Trojan.CryptoStealer.Go without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  3. Then click Finish.
  4. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  5. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  6. When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  7. Restart your computer when prompted to do so.

Related blog content

Analyzing a new stealer written in Golang

What is cryptocurrency and why do cybercriminals love it?

Information stolen? What now?

Select your language