SameCoin is a multi-platform wiper malware, with versions for Android and Windows, identified in two significant waves of cyberattacks targeting Israeli entities in February and October 2024. The malware was often disguised as an Israeli National Cyber Directorate (INCD) security update, tricking users into unknowingly infecting their systems. It was deployed through suspicious downloads, emails, or websites, and once inside the system, it disrupted operations, possibly stealing personal information or holding data hostage. Notably, the most recent version of SameCoin altered the victim's background to display an image bearing the name of Hamas's military wing, the Al-Qassam Brigades.
The malware was first reported by ESET, a cybersecurity company, which later released a newer version of the SameCoin wiper. This updated wiper was used in a malicious campaign impersonating the INCD on February 24. The campaign involved a specially crafted email containing a newly created version of the SameCoin wiper, which was also deployed in attacks against Israel earlier that year.
Researchers have identified clear links between the custom malware used by the group behind these attacks and SameCoin, according to analysis from HarfangLab. Unique code overlaps were found between the group's custom malware and SameCoin, further cementing the connection. The disruptive operations associated with SameCoin and another entity, WIRTE, are believed to be linked, indicating a potentially broader threat landscape.
Description last updated: 2024-11-15T15:54:35.049Z