

Cryptocurrency Malware Education: FacexWorm

Cryptocurrency service providers have been a prime target for criminals for as long as most people can remember. Most recently, security researchers came across FacexWorm, which targets cryptocurrency trading platforms accessed through affected browsers. It is another worrisome development for crypto enthusiasts.

FacexWorm Is a Big Problem

Researchers over at TrendMicro have outlined the potential problems caused by FacexWorm. As the name somewhat suggests, the malware in question is mainly distributed through Facebook Messenger. This is one of the downsides of using increasingly popular instant messaging apps, as they will attract criminals of all kinds sooner or later. In this particular case, it seems Facebook Messenger is the primary method of attack, although different iterations may spread through other messaging solutions.

It seems FacexWorm was designed with one single objective in mind. Through this malware, criminals aim to target cryptocurrency trading platforms. Given the popularity of Bitcoin and other cryptocurrencies as of right now, this development is not surprising in the slightest. Criminals have shown a keen interest in cryptocurrency for some time now, and they will continue to hone their craft in this regard.

The malware will only work if an eBits user is first infected with FacexWorm. Once that step is completed, the malware will alter the user’s browser in such a way that it can distribute socially engineered links to friends of affected Facebook accounts. Additionally, it is more than capable of stealing accounts and credentials from websites of interest. As of right now, this interest mainly pertains to cryptocurrency trading, which doesn’t bode well for users of exchanges.

For those exchange users who have two-factor authentication set up, the theft of their login credentials is less of a threat. Although criminals have demonstrated an ability to get 2FA access removed with minimal effort, we can only hope exchanges take notice and plan accordingly. Stealing credentials is only part of the story, though, as FacexWorm can inject malicious mining scripts on webpages and hijack transactions across trading platforms and web wallets.

Thankfully, it seems FacexWorm has not been a successful venture so far. Only one Bitcoin transaction has been compromised by this malware, but that situation may change in the near future. Considering that this malware is delivered through one of the world’s most popular social messaging applications, a lot of damage could be done moving forward. Even so, most users are getting smarter when it comes to avoiding scams and threats, although there’s still a lot of work to be done.

Users can ensure they remain safe from attacks such as FacexWorm. Chrome plugins remain a pretty popular way to distribute this malware, but it seems Google is actively removing those plugins as of right now. Anyone who follows decent security practices should be safe from harm, but it is evident that responsibility mainly rests in the hands of cryptocurrency enthusiasts right now.



BadLepricon bitcoin mining malware exposed

This time the hackers decided to use our cellphones as mining rigs. It all started with a wallpaper app whose developers decided to make some extra money by using our cellphones as mining rigs.

The malware, dubbed BadLepricon, was found by researchers from a security firm called Lookout. Quoted from their blog post:

Lookout found a piece of mobile malware in Google Play that quietly uses your phone’s processing power to create new coins. We call it BadLepricon, and yes, that is how the malware authors spelled “leprechaun.” We hope they were going for a clever play on the word “con.”

Shortly after finding the bug, the Google Play Store removed the 5 wallpaper apps that had the BadLepricon malware installed.

If you or any of your friends have any of these wallpaper apps:

Beating Heart Live Wallpaper, Epic Smoke Live Wallpaper, Mens club Live Wallpaper or Urban Pulse Live Wallpaper, tell them to remove it unless they want to keep having their phones used as mining rigs.

I am sure some of you might think that using your phone as a mining rig might be a good idea but there are quite a few problems with it.

The first problem is that your phone does not have a graphics card or any other GPU that will be able to match up with an R9 290 or any other decent desktop graphics card. As a result, you will get very little mining power from one phone. In addition, your phone’s battery will drain at an incredible rate, so you would have to keep your phone charging most of the time.

The only way to really make money using cellphones as mining rigs is to create a botnet. A botnet is a network of hacked electronic devices that are controlled by one hacker. As a result, if you hack 1000 cellphones and each generates a small amount of hashing power, combining all that power will yield a lot of bitcoin.

Here is a tip: do you feel that your cellphone loses battery faster than usual? Does it seem slow and unresponsive? It could very well be that you have bitcoin mining malware running on your cellphone. The best way to get rid of it would be to back up your data and restore your phone to factory defaults. That will remove any unnecessary apps, including any malware that might have infected your phone.

For a more detailed explanation of the BadLepricon malware please visit this blog




Ransomware Education – Reveton Never Asked For Bitcoin Payments

Throughout the years, there have been various versions of ransomware infecting computers all over the world. Both individual and enterprise users have been affected by these nasty pieces of software, which can wreak a fair bit of havoc. To most people, ransomware is automatically associated with Bitcoin, but this hacker trend started out before Bitcoin was even remotely attractive. One of the first pieces of ransomware to make a major impression was called Reveton, which accepted various payment methods that were far more anonymous. 


Reveton Was The First Major Ransomware


Based on the information found on Wikipedia, the first major wave of ransomware infections occurred in 2012. Even though Bitcoin was around at that point in time, the digital currency had a very niche appeal, with very few users actively exploring the concept. But 2012 was not about Bitcoin itself, as this is the time when Reveton started rearing its ugly head.

Some people may remember Reveton, as it was a major ransomware trojan that displayed messages on computer screens claiming the host device had been used for illegal activity. A big law enforcement logo, ranging from the FBI to local police, was displayed as part of this ransomware attack. Many users were scared out of their minds when they saw this message appear, as Reveton completely locked down the computer as well.

Among the text appearing on the screen were instructions on how people could avoid the investigation and regain computer access by paying a small amount of money. This “fine” had to be paid through Paysafecard or Ukash, both of which are semi-anonymous online payment solutions which are still popular to this very day.

Various media outlets and news reports on TV made mention of the Reveton ransomware, as this piece of software was responsible for infecting thousands of computers in the European Union alone. During the summer of 2012, Reveton made its way to the United States and Canada as well.

But the misery didn’t end there, as new variants started popping up later that year. One of the Reveton clones demanded the ransom to be paid through Moneypak, which is another anonymous online money transfer service. Even more new variants of Reveton were discovered as recently as August 2014, and the ransomware still wreaks havoc to this very day.

Hackers were not resting on their laurels, though, as the concept of infecting remote computers and getting paid for doing so became a major appeal to internet criminals all over the world. Several of the more recent ransomware types started demanding payment in Bitcoin, which many people still see as an anonymous digital currency. In the next article, we’ll talk more about Bitcoin ransomware, starting with CryptoLocker.

Source: Wikipedia



Ransomware Education – CryptoLocker Introduced Timed Bitcoin Payments

Staying on the topic of [Bitcoin] ransomware for a few days, it is important to take a look at which different types of this software have given Bitcoin such a bad name throughout the years. The first main Bitcoin ransomware to make a name for itself was called CryptoLocker, and the software is still claiming victims to this very day. Even though various alternatives have been released throughout the years, CryptoLocker will always be the one linking ransomware to Bitcoin.


CryptoLocker Wreaks Havoc On Computers Worldwide


The first time anyone came in contact with CryptoLocker was during the September 2013 period, after a lull in the number of ransomware attacks. Even though security experts were well aware the threat was far from over, CryptoLocker took all of them by surprise, as it was much harder to detect, or even fix without paying the associated fee.

Whoever developed CryptoLocker remains unknown to this point, but they were quite well versed in technology and encryption by the look of things. CryptoLocker was the first type of ransomware to use a 2048-bit RSA key pair to decrypt computer files, which is incredibly difficult to brute force.

Additionally, CryptoLocker uploaded this key pair to a command-and-control server, and a whitelist of file extensions was created; files with those extensions would then be encrypted by the ransomware. As is the case with any of these infections, users were greeted with a message asking them to pay a certain fee if they wanted to restore access to their files.

But this is where CryptoLocker set itself apart from eBits, as it was the first time Bitcoin was mentioned as a supported payment method. During those days, a lot of people assumed Bitcoin was an entirely anonymous form of transferring money around the world, even though nothing could be further from the truth.

Things didn’t end there, though, as CryptoLocker introduced another parameter to the ransomware game. Bitcoin payments had to be made within a specific time limit – usually, 3-5 days – or the encrypted files would be inaccessible forever, as the associated decryption key would be destroyed automatically. However, if the timer expired, users were given a second chance to pay for access, albeit the fee would be increased to 10 Bitcoin.

June of 2014 was a critical period, as the ransomware was traced down to the Gameover ZeuS botnet, which was shut down by law enforcement. Wikipedia statistics indicate roughly US$3m was extorted through the CryptoLocker malware over the course of less than one year.

Source: Wikipedia
