
New Malware Spotted in the Wild Can Attack Crypto Wallets

1 September 2020


  • Anubis is a new malware that can target cryptocurrency wallets and other sensitive data. It first became available for sale in dark web markets in June, and Microsoft has now seen limited attack campaigns using it.
  • Experts recommend not visiting sketchy websites or opening strange or suspicious attachments, links or emails.
  • Increasing interest in cryptocurrencies, such as we’ve seen in recent months, usually draws in new users, who can be particularly susceptible to these kinds of attacks.

A new form of malware called Anubis is now out in the world after being circulated for sale on cybercrime dark markets in June, according to Microsoft Security Intelligence. Using forked code from Loki malware, Anubis can steal cryptocurrency wallet IDs, system info, credit card information and other data. 

Importantly, this malware is distinct from a family of Android banking malware also called Anubis. It joins a growing list of malware that looks for vulnerable cryptocurrency stashes.

“The malware is downloaded from certain websites. It steals information and sends stolen information to a C2 (command and control) server via an HTTP POST command,” said Tanmay Ganacharya, partner director of security research at Microsoft. 

HTTP POST is a request method that sends data from a computer to a web server. It is the same method used when you’re uploading a file or submitting a completed web form.


“When successfully executed it attempts to steal information and sends stolen information to a C2 server via HTTP POST command,” he said. “The post command sends back sensitive information that may include username and passwords, such as credentials saved in browsers, credit card information and cryptocurrency wallet IDs.”

Avoiding Anubis: What we know

Parham Eftekhari, executive director of the Cybersecurity Collaborative, a forum for security professionals, reviewed the images of code tweeted out by Microsoft and said not much information about the Windows Anubis malware has been released. 

But the Loki bot (from which the Anubis code was taken) was spread via social engineering emails with attachments with “.iso” extensions. These messages masqueraded as orders and offers from other companies and were sent to publicly available company email addresses, sometimes from a company’s own site. 

When it comes to avoiding Anubis, Eftekhari said people should not open any attachments or emails that they are not expecting or that seem unfamiliar. 

“They should deploy antimalware applications on their systems and scan and update frequently,” he said. “Finally, when accessing sensitive accounts such as banking applications, they should employ secure or privacy browsers which may prevent malware from recording keystrokes or screenshots.”

Ganacharya said that like many threats, this new malware tries to stay under the radar, so it doesn’t have obvious visual clues. Users can check for the presence of suspicious files and running processes (for example, ASteal.exe, Anubis Stealer.exe) as well as suspicious network traffic. 
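One way to run the process check mentioned above, as an added example that is not from the article or from Microsoft: it parses the output of `tasklist /FO CSV` and flags the two image names the article cites. The function name and the sample process list are assumptions constructed for illustration.

```python
import csv
import io

# Process image names the article cites as examples to look for.
SUSPECT_IMAGE_NAMES = {"asteal.exe", "anubis stealer.exe"}


def find_suspect_processes(tasklist_csv: str) -> list[tuple[str, int]]:
    """Return (image name, PID) for each row whose image name is on the list.

    Expects text in the format printed by `tasklist /FO CSV`, with or
    without the header row. Matching is case-insensitive because Windows
    file names are.
    """
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) < 2:
            continue  # blank or malformed line
        image, pid = row[0].strip(), row[1].strip()
        if not pid.isdigit():
            continue  # header row ("Image Name","PID",...) or junk
        if image.casefold() in SUSPECT_IMAGE_NAMES:
            hits.append((image, int(pid)))
    return hits


# Constructed sample output, not captured from a real host.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","8 K"
"chrome.exe","4312","Console","1","182,440 K"
"ASTEAL.EXE","5120","Console","1","14,208 K"
"Anubis Stealer.exe","6644","Console","1","21,876 K"
"steal.exe","7001","Console","1","3,100 K"
'''

if __name__ == "__main__":
    for image, pid in find_suspect_processes(SAMPLE_TASKLIST):
        print(f"suspicious process: {image} (PID {pid})")
```

A name match only catches samples that kept those file names, so an empty result is inconclusive rather than a clean bill of health.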


For its part, Microsoft has updated its Defender Advanced Threat Protection (Microsoft Defender ATP) to detect Anubis malware and will be monitoring it to see if campaigns begin to spread. Microsoft Defender ATP uses AI-powered cloud-delivered protection to defend against new and unknown threats in real time.

Other users should be wary of visiting unknown or suspicious websites, or opening suspicious emails, attachments and URLs, Ganacharya said. Additionally, users can turn on unwanted app blocking in Microsoft Edge to get protection against cryptocurrency miners and other software that can affect the performance of devices.

But for security professionals there are telltale signs when analyzing a system. Among these are indicators of compromise, which are signs that a system has been breached. These can include unusual outbound network traffic or unusual activity on an account.

Malware and cryptocurrency

While malware, or software designed to be malicious, isn’t new, it’s increasingly being brought to bear on the cryptocurrency community.

“Over the past three years we have been seeing an increased number of malwares that target user computers that, aside from trying to record/steal passwords, are specialized in harvesting the victim’s system for cryptocurrencies,” said Paolo Ardoino, CTO of Bitfinex. 

Ardoino said tech-savvy holders of cryptocurrency usually use a hardware wallet and store their seed (the information that generates and recovers a wallet) offline. Less-experienced users, though, due to the fear of losing the seed for their wallet, might keep it stored on their computer. Malware is then able to access the password manager or other online storage site while the user is accessing it, and copy and paste passwords.


Another attack that malware can execute, according to Ardoino, is seeing if the computer runs a blockchain node that has an unprotected wallet file. Even if that wallet file has a password, if the malware involves a keystroke recorder (or keylogger) it can capture whatever a user on the computer types. 

He said there are many nuances, but as cryptocurrency gets closer to mass adoption, sloppy custodial practices could make people’s cryptocurrency wallets easier to target than banks or even credit cards. 

Upticks in bitcoin (BTC) and ether (ETH), like those we’ve seen in recent months, could spark interest in new users who can be particularly susceptible to these kinds of attacks. 

Pandemic poses new vulnerabilities

The threat of malware has only increased as people have been pushed toward working and living remotely during the coronavirus pandemic, increasing the amount of time they spend online and the number of systems they use. 


According to a recent report from Malwarebytes, a company specializing in combating malware, programs such as AveMaria and NetWiredRC, which allow for breaches like remote desktop access and password theft, have seen huge increases in use during the pandemic. They found AveMaria saw a bump of 1,219% from January to April compared to 2019; NetWiredRC observed a 99% increase in detections from January to June, primarily targeting businesses.

Is the obvious defense the best defense?

Paul Walsh, CEO of the cybersecurity company MetaCert, said that given the attack vectors identified, traditional models for identifying and protecting against these attacks are misguided. 

The vast majority of malware is delivered via email phishing and malicious URLs, which outnumber dangerous attachments (like Anubis) five to one, according to Walsh.  

“Most security issues that involve dangerous URLs go undetected and, therefore, [are] not blocked,” he said.


There are thousands of security vendors in the world, but only a small number own their own “threat intelligence systems” – a fancy term for a big database of threats and potential threats. Those companies license that data to other companies. While Walsh’s company MetaCert has a threat intelligence system, they might have URLs that Google, for example, won’t. It’s a patchwork solution at best.

And if people are tailoring spear-phishing attacks for a specific company, the damage is usually done quite quickly, before a security database or firm might be aware a tailored website exists. 

The lifespan, or the time frame within which a phishing attack has accomplished its goal, is about seven minutes, said Walsh. But security companies may take up to two or three days to identify and vet new phishing attacks, particularly if they are tailored for a company or individual. 

Walsh says strong passwords and two-factor authentication are important. YubiKey, essentially a hardware version of two-factor authentication, is one step up, but it’s not supported by all websites.

Disclosure

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.




