
North Korean Hackers Unleash Mac Malware On Crypto Exchanges

It seems that the only thing on the rise in the crypto industry at the moment is malware, not prices. Cyber security researchers have recently revealed more crypto-centric malware emerging from North Korea.

According to a detailed summary by Russian computer security firm Kaspersky, North Korean hacker group Lazarus has been highly active in recent months. The cyber criminals have “successfully compromised several banks and infiltrated a number of global cryptocurrency exchanges and fintech companies,” according to the report.

The malware, named ‘AppleJeus’, was inadvertently downloaded by an employee of an unnamed crypto exchange. The security researchers claim to have made the unexpected discovery while investigating the group's attack on the exchange. The investigation revealed that the victim had been attacked with a trojanized crypto trading application recommended to the company via email.

After the malicious software was downloaded, the victim’s computer was infected with Fallchill malware, which Lazarus had previously used. Kaspersky went on to state that it was the first time the group had deployed malware for other operating systems:

“To ensure that the OS platform was not an obstacle to infecting targets, it seems the attackers went the extra mile and developed malware for other platforms, including for macOS. A version for Linux is apparently coming soon, according to the website. It’s probably the first time we see this APT group using malware for macOS.”

The payload came via a convincing but fake website, as the group strives to reach new levels of sophistication. The actual Trojan arrived as an update to the trading app, a further attempt to mask its presence. According to the research, the Celas Trade Pro software from Celas Limited showed no signs of malicious behavior and looked genuine.

In addition to the Mac version, there was a Windows version of the spurious trading program, in a downloadable file called celastradepro_win_installer_1.00.00.msi. Once installed, the Updater.exe module delivers the payload, which is designed to steal cryptocurrency.

Kaspersky continued with a lengthy breakdown of how the malware operates and what it has discovered about the bogus company. In reference to Lazarus, it added: “Recent investigation shows how aggressive the group is and how its strategies may evolve in the future.” South Korean exchanges have been the target of Lazarus before, with a number of reports of attacks earlier this year.

Crypto markets may be in decline, but attempts by hacker groups to steal digital assets are definitely trending in the opposite direction.


Kaspersky: Cryptocurrency Scammers Stole $2.3 Million in Q2

Cybercriminals earned more than $2.3 million from cryptocurrency scams during the second quarter of 2018, according to a new report from Kaspersky Lab.

In its Spam and Phishing in Q2 2018 report, the company reported that it had blocked almost 60,000 attempts by users to visit fraudulent web pages featuring popular cryptocurrency wallets and exchanges from April to June 2018. The intruders earned the funds by inducing their victims to send their coins to fake ICOs and token distributions, Kaspersky explained.

And it’s not just token sales. As CoinDesk has previously reported, malicious websites masquerading as popular cryptocurrency services have also targeted would-be victims.

“The permanence of attacks targeting financial organizations reflects the fact that more and more people are using electronic money,” Nadezhda Demidova, lead web content analyst for Kaspersky, wrote in the company’s news release, adding:

“Still, not all of them are sufficiently aware of the possible risks, so intruders are actively trying to steal sensitive information through phishing.”

Looking more broadly, the Kaspersky report also demonstrated the global reach of phishing scams, with South America and Asia seeing the most activity in this area.

Brazil alone saw 15.51 percent of all phishing attacks during that period. China shared the second position with Georgia (14.44 percent), followed by Kirghizstan (13.6 percent) and Russia (13.27 percent).


The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.


Cybersecurity Firm Kaspersky Calls Out Cryptocurrency Scams And Thefts

Russia-based cybersecurity firm Kaspersky recently released a report highlighting 2017’s cryptocurrency “social engineering schemes,” which saw criminals net millions in cryptocurrency value.

According to estimates given by Kaspersky’s research team, the cybercriminals managed to gain over 21,000 Ethereum, or approximately $10 million at the time of press, from the “social engineering” schemes seen in 2017. 

So what did these schemes entail?

The cybersecurity firm noted that ICO and cryptocurrency giveaway scams were common, with cybercriminals “drawing inspiration” from legitimate business operations. The report noted:

Some of the most popular targets are ICO investors, who seek to invest their money in start-ups in the hope of gaining a profit in the future.

For ICO-related scams, the criminals would create fraudulent websites and emails or messages that emulate well-known projects. This method resembles the classic internet ‘phishing’ scam, in which scammers try to obtain funds or sensitive information by disguising themselves as a trusted party.

Kaspersky gave the example of a Switcheo ICO scam, in which criminals stole over $25,000 by promoting a misleading cryptocurrency address on Twitter, rerouting the funds from the official ICO wallet to the criminal’s wallet.

Another prominent scam involved the OmiseGo project, which is one of the most popular projects on the Ethereum network. In a similar method to the Switcheo scam, criminals created “hundreds of fake websites,” enticing users to send their hard-earned cryptocurrencies to the ‘legitimate’ address. The Russian firm noted that OmiseGo scams drew in over $1.1 million worth of cryptocurrency, by far one of the most damaging cases of “social engineering.”

Elon “Not Giving Away ETH” Musk

Another popular method used by scammers was ‘cryptocurrency giveaways,’ with bad actors creating social media accounts that pretend to be celebrities, entrepreneurs or even cryptocurrency personalities. The most notable cases include Twitter ‘giving away Ethereum’ scams, in which scammers ask users to send Ethereum to an address in exchange for a substantially larger payout.

Obviously, nothing ever comes of these requests, as the unfortunate few who send their funds to the addresses never get anything in return. The cybersecurity firm acknowledged cases where criminals would even mimic the Twitter accounts of Elon Musk and the founder of Telegram, Pavel Durov.

Musk, one of the world’s most prominent businessmen, acknowledged the “scambots” made in his likeness, jokingly issuing a Tweet calling these accounts out.

Nadezhda Demidova, the lead web content analyst at Kaspersky, gave a statement regarding the scams, saying:

“These new fraud schemes are based on simple social engineering methods, but stand out from common phishing attacks because they help criminals make millions of dollars. The success criminals have enjoyed suggests that they know how to exploit the human factor, which has always been one of the weakest links in cybersecurity, to capitalize on user behaviors.”

However, Kaspersky noted that its wide array of products has been working well to stave off scams, and has blocked over 100,000 attempts to scam its users using “fake exchanges and other sources” in the first half of 2018. Kaspersky closed the report by reaffirming that users should be wary while dealing with questionable cryptocurrency exchanges, offers, and wallets.


1.65 Million Attacks: Kaspersky Reveals New Data on Crypto Mining Malware

More than 1.65 million computers were targeted by cryptocurrency mining malware attacks in the first eight months of 2017, according to a new report from Kaspersky Lab.

The Russia-based cybersecurity outfit said on Tuesday that the figure represents the number of computers, running Kaspersky software, that were protected from the malicious software, which can turn a machine into a remotely-controlled mining device without the owner actually knowing.

The total for 2017 thus far seems on pace to exceed the number of attacks detected in 2016, which exceeded 1.8 million. By comparison, Kaspersky detected just over 700,000 in 2014.

Partially underpinning the attacks, the company said, appear to be several large-scale botnets dedicated to malicious mining activities.

The report said:

“This results in threat actors receiving cryptocurrency, while their victims’ computer systems experience a dramatic slowdown. Over the last month alone, we have detected several large botnets designed to profit from concealed crypto mining.”

The company only released the number of its own clients protected, and did not clarify how many machines they thought were infected globally, or if any of their customers were infected despite their protection.

Cryptocurrency mining botnets are nothing new. One of the newer botnets discovered in 2017 was developed out of a US National Security Agency exploit leaked by a group of hackers referred to as the Shadow Brokers.

Though miners traditionally infected Windows computers, they can also impact Linux machines. Some botnets also infect machines that do not possess sufficient processing power to effectively mine anything.
