
Idelto

Cryptocurrency news website


malicious software

Cybersecurity Firm Spots a Crypto Stealer Distributed Through a Massive Email Spam Campaign and Discord Channels

13/05/2021 by Idelto Editor

A crypto stealer seems to have spread through a massive spam campaign across several countries, including the United States, Australia, Japan, and Germany. The malware dubbed “Panda Stealer” has been spotted by a cybersecurity company. It is reportedly also distributed on Discord channels.

Malware Can Also Steal Data From Telegram and Discord Apps

According to the report published by Trend Micro, the stealer is a variant of another malware named “Collector Stealer,” which utilizes the same algorithms to bypass most detection tools. The malware is contained within a malicious Excel file in a .xlsm format.

Once the victim executes a series of PowerShell scripts in the infected document, Panda Stealer deploys its malicious processes. It collects sensitive crypto-related data, including private keys and records of past transactions, from wallets for virtual currencies like dash (DASH), litecoin (LTC), and ethereum (ETH).

Researchers from Trend Micro provided further technical details on the malware’s similarities with other malware:

Panda Stealer was found to be a variant of Collector Stealer, which has been sold on some underground forums and a Telegram channel. Collector Stealer has since been cracked by a Russian threat actor called NCP, also known as su1c1de. (…) Like Panda Stealer, Collector Stealer exfiltrates information like cookies, login data, and web data from a compromised computer, storing them in an SQLite3 database. It also covers its tracks by deleting its stolen files and activity logs after its execution.

But the stealer is not limited to capturing digital asset-related data from victims. In fact, the study revealed that it has the technical capabilities to steal credentials from Telegram, NordVPN, and Discord, among others.

Moreover, Panda Stealer can take screenshots from the users’ computers and catch encrypted data in browsers, such as credit card information.

Recent Crypto Malware Stealers Spotted

Bitcoin.com News has reported the surge of crypto-malware over the past few months. Recently, a cryptocurrency-related malware program named “WeSteal” has been advertised on darknet forums as the “leading way to make money in 2021,” raising alarms among the cybersecurity community.

The system has the resources to steal bitcoin (BTC) and ethereum, but the malicious code works under a subscription model.

Filed Under: antivirus, Bitcoin (BTC), cryptocurrency, cybersecurity, English, Ethereum (ETH), malicious software, Malware, News Bitcoin, Private Key, Researchers, security

Copay and Bitpay Wallet Apps Were Infected With Malicious Code

27/11/2018 by Idelto Editor

A developer has injected a piece of malicious code into the software used by the popular Copay and Bitpay wallets. The safety of the Bitcoin.com wallet was not compromised and the Bitpay app was not vulnerable to the attack, but Copay users need to take precautionary actions.

Someone Might Have Been Able to Steal Private Keys

The Bitpay team has announced that a third-party Node.js (the open-source JavaScript environment) package used by the Copay and BitPay apps had been modified to load malicious code. This could have been used to capture and steal users’ private wallet keys. The company learned about the vulnerability from a GitHub issue report about an “event-stream” dependency attack.

Bitpay has only confirmed so far that the malicious code was deployed on its Copay and Bitpay apps from version 5.0.2 to 5.1.0. However, the company has tried to reassure users by saying that the Bitpay app was not vulnerable to the malicious code. A security update (version 5.2.0) has been developed and will be made available for users in the app stores. And the team is still investigating to figure out if the malicious code was ever actually used against people.

What Copay Wallet Users Need to Do Now to Keep Safe

The Bitpay team warns that anyone using a Copay app from version 5.0.2 to 5.1.0 should not open it again. Users should first update their affected wallets and then send all funds from affected wallets to new version 5.2.0 wallets. Users should not attempt to move funds to new wallets by importing affected backup phrases, as they should assume that the corresponding private keys may have been compromised.

If you use the Bitcoin.com wallet you have not been affected by this issue at all, so you don’t need to do anything. “Our wallet doesn’t use the compromised ‘package,’ so we’re completely out of trouble for this one,” explains the Bitcoin.com wallet development team. “We’re operating as normal, we have never used that package and will never use it.”

The post Copay and Bitpay Wallet Apps Were Infected With Malicious Code appeared first on Bitcoin News.

Filed Under: Bitcoin.com Wallet, BitPay, copay, crypto wallet, English, github, malicious code, malicious software, N-News, News Bitcoin, NodeJS, Wallets

The Pirate Bay Is Again Using Users’ CPUs to Mine XMR

10/07/2018 by Idelto Editor

The Pirate Bay is again taking over its users’ CPUs in order to mine the Monero (XMR) cryptocurrency to generate additional revenue. Unlike previous times, the site now displays a notification on the matter for users to know what is going on with their systems.

Leave Now or Else

The Pirate Bay, the major torrent downloading website, has begun notifying its visitors that their systems are being used to mine Monero. The message at the bottom of the site now reads: “By entering TPB you agree to XMR being mined using your CPU. If you don’t agree please leave now or install an adBlocker.”

Last year, the discovery of cryptocurrency mining scripts on the website generated an uproar from many of The Pirate Bay’s users. The company admitted it had done so after it was exposed, and went on to claim then that it was only a short experiment. “As you may have noticed we are testing a Monero javascript miner. This is only a test. We really want to get rid of all the ads. But we also need enough money to keep the site running.” Now it appears that the experiment has succeeded and The Pirate Bay has determined that making this controversial means of generating funds a permanent feature of its operation is worth the negative reactions it will receive as a result.

Legitimate Business Model or Just Cryptojacking?

The idea of using visitors’ computer power to mine for cryptocurrency, and thus fund the websites they use, has been one of a number of innovations in the field made possible by cryptocurrency technology. With many people using ad blockers, as well as Google and Facebook monopolizing most of the profits from online media advertising, some websites have turned to mining as an alternative to ad revenue and payment walls.

It can be seen as a legitimate business model if done transparently, where users are allowed to consent to it. The practice can also be misused, of course, when it is done in secret by the websites themselves, or when mining code is injected by hackers as a form of cryptojacking.

The post The Pirate Bay Is Again Using Users’ CPUs to Mine XMR appeared first on Bitcoin News.

Filed Under: adblocker, cryptojacking, English, hijack, malicious software, Mining, Monero, Monero (XMR), N-Featured, News Bitcoin, Pirate Bay, PirateBay

Google Moves Against Cryptojacking, Bans Chrome Mining Extensions

03/04/2018 by Idelto Editor

James Wagner, Extensions Platform Product Manager of Google, took to the behemoth’s Chromium Blog on Monday in a post titled, Protecting Users from Extension Cryptojacking. “Starting today,” Mr. Wagner explained, “Chrome Web Store will no longer accept extensions that mine cryptocurrency. Existing extensions that mine cryptocurrency will be delisted from the Chrome Web Store in late June. Extensions with blockchain-related purposes other than mining will continue to be permitted in the Web Store.”

Google Moves Against Cryptojacking

“Over the past few months,” Mr. Wagner began, “there has been a rise in malicious extensions that appear to provide useful functionality on the surface, while embedding hidden cryptocurrency mining scripts that run in the background without the user’s consent. These mining scripts often consume significant CPU resources, and can severely impact system performance and power consumption.”

[Chart: a recent example of CPU overutilization from hidden coin mining in an extension.]

Cryptojacking has shown up in various places, from Pirate Bay to Salon, and as a phenomenon is only a few months old. Heck, even Elon Musk’s projects have been “infiltrated,” as “Tesla’s Kubernetes console (a system for containerized apps that was originally designed by Google) which was not password protected” was hit by cryptojacking. As these pages examined just a short while ago, “the extent of the problem has been vastly overstated. Smart criminals aren’t covertly crypto mining in-browser, not because they’re incapable of doing so, but because even at scale it simply isn’t profitable.”

90% Non-Compliance

True as that might be, it evidently has become an annoyance for enough users that Google has taken notice. “Until now, Chrome Web Store policy has permitted cryptocurrency mining in extensions as long as it is the extension’s single purpose,” Mr. Wagner detailed, “and the user is adequately informed about the mining behavior. Unfortunately, approximately 90% of all extensions with mining scripts that developers have attempted to upload to Chrome Web Store have failed to comply with these policies, and have been either rejected or removed from the store.”

Of course, it was only two weeks ago that the largest search engine on the planet formally announced it will restrict advertisement of “Cryptocurrencies and related content (including but not limited to initial coin offerings, cryptocurrency exchanges, cryptocurrency wallets, and cryptocurrency trading advice),” including aggregators and affiliates regarding “cryptocurrencies and related content.”

Mr. Wagner ends by reminding readers how the “extensions platform provides powerful capabilities that have enabled our developer community to build a vibrant catalog of extensions that help users get the most out of Chrome. Unfortunately, these same capabilities have attracted malicious software developers who attempt to abuse the platform at the expense of users. This policy is another step forward in ensuring that Chrome users can enjoy the benefits of extensions without exposing themselves to hidden risks.”

The post Google Moves Against Cryptojacking, Bans Chrome Mining Extensions appeared first on Bitcoin News.

Filed Under: Chrome Web Store, CPU, cryptojacking, Elon Musk, English, Google, James Wagner, malicious software, Mining, N-Featured, News Bitcoin, Pirate Bay, salon, Tesla
