The BABADEDA Crypter – an Emerging Crypter targeting the Crypto, NFT, and DeFi communities


The cryptocurrency market is now worth more than $2.5 trillion. Unfortunately, this fact is not lost on threat actors. As well as using cryptocurrency themselves to extract ransoms, cybercriminals are now also tailoring malware to exploit the booming market for NFTs and crypto games. In a discovery of critical importance to anyone familiar with this space, Morphisec Labs have encountered a new campaign of malware targeting cryptocurrency enthusiasts through Discord. 

Crucially, the crypter that this campaign deploys, which we have termed Babadeda (a Russian-language placeholder used by the crypter itself which translates to “Grandma-Grandpa”), is able to bypass signature-based antivirus solutions. Although some variants of this crypter have been noted by other vendors, Morphisec is the first to fully disclose how it works.

For victims, this makes infections highly likely — and dangerous. We know that this malware installer has been used in a variety of recent campaigns to deliver information stealers, RATs, and even LockBit ransomware. Fortunately, however, even as the threat level for cryptocurrency users rises, we also know that Morphisec’s Moving Target Defense technology is capable of both seeing and stopping Babadeda. 

In this blog post, we will explore how Babadeda is being delivered,
