Numerous Bitcoin Wallets May Have Been Compromised by Rogue Developer

A Node.js module called event-stream is used in millions of web applications, including BitPay’s open-source bitcoin wallet, Copay. The module was reportedly compromised thanks to what can objectively be referred to as social engineering, laziness, and incompetence.

A user with very little coding activity on GitHub requested publishing rights to the event-stream library from its previous maintainer, Dominic Tarr, who said that he had not maintained the repository in years and gave control to the new user, called right9ctrl.

The library event-stream is used in many Node.js applications. According to a complainant on GitHub, the new maintainer right9ctrl either deliberately injected malware or unknowingly produced the same effect: leaking private keys from applications that relied on both the event-stream and copay-dash modules.

Ayrton Sparling wrote:

“He added flatmap-stream which is entirely (1 commit to the repo but has 3 versions, the latest one removes the injection, unmaintained, created 3 months ago) an injection targeting ps-tree. After he adds it at almost the exact same time the injection is added to flatmap-stream, he bumps the version and publishes. Literally the second commit (3 days later) after that he removes the injection and bumps a major version so he can clear the repo of having flatmap-stream but still have everyone (millions of weekly installs) using 3.x affected.”

Basically, the developer updated the module with malware and then patched the problem to avoid detection, but the numerous people who had already installed it remain affected. Copay — whose open-source code is itself used by many crypto applications — would be just one of many that use the library, but it happens to be built and maintained by a multi-million dollar Bitcoin payment processing company — BitPay — which raises questions on its own.
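For teams that need to check whether a project pulled in the packages named above, the following added example (not code from the article, BitPay or the event-stream project) audits a parsed package-lock.json in both the nested v1 layout and the flat v2/v3 layout. The matching rule (any flatmap-stream, any event-stream 3.x) is an assumption taken from the quoted comment; the lockfile contents, version numbers and the names `build-helper`, `legacy-tool` and `wallet-app` are constructed.

```javascript
// Added example: flag the packages named in the article inside a parsed lockfile.
// Rule assumption: every flatmap-stream install and every event-stream 3.x install
// is worth a manual review; the article gives no exact version numbers.
const WATCHLIST = [
  { name: 'flatmap-stream', test: () => true, why: 'package reported to carry the injection' },
  { name: 'event-stream', test: (v) => /^3\./.test(v), why: '3.x line reported as affected' },
];

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; the root entry "" -> null.
function nameFromPath(path) {
  const marker = 'node_modules/';
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Yield { name, version, path } for every installed package, direct or transitive.
function* installedPackages(lock) {
  if (lock.packages) {                        // lockfileVersion 2 and 3: flat map of paths
    for (const [path, meta] of Object.entries(lock.packages)) {
      const name = nameFromPath(path);
      if (name && meta.version) yield { name, version: meta.version, path };
    }
    return;
  }
  // lockfileVersion 1: "dependencies" objects nested inside each other
  const stack = [{ deps: lock.dependencies || {}, trail: [] }];
  while (stack.length) {
    const { deps, trail } = stack.pop();
    for (const [name, meta] of Object.entries(deps)) {
      const here = [...trail, name];
      yield { name, version: meta.version, path: here.join(' > ') };
      if (meta.dependencies) stack.push({ deps: meta.dependencies, trail: here });
    }
  }
}

// Return one finding per watched package, with the path that shows who pulled it in.
function auditLock(lock) {
  const findings = [];
  for (const pkg of installedPackages(lock)) {
    for (const rule of WATCHLIST) {
      if (pkg.name === rule.name && rule.test(String(pkg.version))) {
        findings.push({ ...pkg, why: rule.why });
      }
    }
  }
  return findings;
}

// Constructed sample lockfiles (package names other than the two watched ones are hypothetical).
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: {
    'build-helper': {
      version: '1.2.0',
      dependencies: {
        'event-stream': { version: '3.0.0', dependencies: { 'flatmap-stream': { version: '0.0.0' } } },
      },
    },
  },
};
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'wallet-app', version: '1.0.0' },
    'node_modules/event-stream': { version: '4.0.0' },   // newer major: not flagged
    'node_modules/legacy-tool': { version: '2.0.0' },
    'node_modules/legacy-tool/node_modules/event-stream': { version: '3.0.0' },
  },
};

console.log(auditLock(SAMPLE_V1), auditLock(SAMPLE_V3));
```

To audit a real project, pass the parsed contents of its package-lock.json to `auditLock`; the reported path shows which dependency brought the package in, which is the thing to pin or replace.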

Why Does BitPay Use Upstream Libraries?

Those outside of open source development may have the misconception that it is all done for free due to ideals or hobbyism, but this is far from the case. The majority of major and important open source development, such as work on Bitcoin Core or work on the Linux Kernel, for instance, is done by developers who are employed by companies with a stake in the development of such software.

Companies like Red Hat contribute code to the Linux Kernel and companies like Blockstream employ Bitcoin Core developers. The reason is obvious: while they could simply wait on releases and rely on the work of others, these companies understandably have aims to achieve in development and also, most importantly, have a lot of money at stake in kernel development.

This model works for major software development, and this author believes that there is no reason it shouldn’t be applicable here. Rightfully, BitPay should arguably not be using software on a trust basis. Millions upon millions of dollars in client wallets are being entrusted to them, not upstream developers. If BitPay is not interested in actively developing libraries like event-stream, then they should use forked versions, verifying that each update is safe. Instead, as many industry stakeholders have alleged, they’ve demonstrated incompetence.


Author: P. H. Madore

Sly malware author hides cryptomining botnet behind ever-shifting proxy service

Botnet author appears to be successful at hiding cryptocurrency mining botnet behind reverse proxy network used by enterprises and the developer community.

Without a doubt, botnets focused on cryptocurrency mining operations have been one of the most active forms of malware infections in 2018.

New botnets are appearing left and right if we are to believe security researchers from Chinese security firm Qihoo 360, who said this week that they are discovering new instances on a daily basis.

Not all of them may be profitable, as a recent Malwarebytes report has shown, but that doesn’t stop cyber-criminals from trying.

Although most botnets are a carbon copy of one another, once in a while researchers spot one that stands out above the crowd. This week, the cryptomining botnet that took the crown in terms of creativity was one discovered by the Netlab team at Qihoo 360.

And according to the Netlab team, the thing that stood out about this botnet was that instead of letting infected bots connect to a remote server via a direct connection, its authors were using the ngrok.com service instead.

For readers unaware of ngrok, this site is a simple reverse proxy used to let Internet-based users connect to servers located behind firewalls or on local machines that don’t have a public IP address.

The service is very popular with enterprises because it allows employees a way to connect to corporate intranets. The service is also used by home users, usually freelance developers, to let customers preview applications that are under development.

In most cases, a user hosts a server on his local machine, registers with ngrok, and gets a public URL in the form of [random_string].ngrok.io that he then shares with a customer or friend to let him preview an ongoing project.

According to Netlab researcher Hui Wang, at least one cryptomining botnet operator is also familiar with this service and has been using it to host a command and control (C&C) server behind ngrok’s proxy network.

But besides anonymity, the botnet operator also appears to have indirectly gained a resilience against any attempted takedowns of his C&C server.

As Hui explains, this happens because ngrok.io URLs stay online for only around 12 hours, and by the time security researchers identify a new C&C URL, the ngrok.io link changes to a new one, hiding the botnet from researchers once more. This allows the botnet to survive more than other botnets that host C&C servers on popular hosting platforms where security firms can usually intervene via abuse requests.
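The rotation described above leaves a pattern a defender can look for: one internal host resolving a series of different ngrok.io names, each seen for only a few hours. The following added example (not from the Netlab report) finds that pattern in DNS query logs; the log format `timestamp client queried-name`, the threshold of two tunnels, and every address and hostname in the sample are constructed assumptions.

```javascript
// Added example: find clients that cycle through several *.ngrok.io names.
const NGROK_SUFFIX = '.ngrok.io';
const HOUR_MS = 3600 * 1000;

// Parse "ISO-timestamp client-ip queried-name"; return null for anything else.
function parseLine(line) {
  const [ts, client, qname] = line.trim().split(/\s+/);
  const time = Date.parse(ts);
  if (!qname || Number.isNaN(time)) return null;
  return { time, client, qname: qname.toLowerCase().replace(/\.$/, '') };
}

// Group ngrok.io lookups per client and report clients that used at least
// minTunnels distinct names, with how long the longest-lived name was seen.
function ngrokRotation(lines, minTunnels = 2) {
  const perClient = new Map();               // client -> Map(name -> {first, last})
  for (const line of lines) {
    const rec = parseLine(line);
    if (!rec || !rec.qname.endsWith(NGROK_SUFFIX)) continue;
    if (!perClient.has(rec.client)) perClient.set(rec.client, new Map());
    const tunnels = perClient.get(rec.client);
    const seen = tunnels.get(rec.qname) || { first: rec.time, last: rec.time };
    seen.first = Math.min(seen.first, rec.time);
    seen.last = Math.max(seen.last, rec.time);
    tunnels.set(rec.qname, seen);
  }
  const findings = [];
  for (const [client, tunnels] of perClient) {
    if (tunnels.size < minTunnels) continue;
    const ordered = [...tunnels.entries()].sort((a, b) => a[1].first - b[1].first);
    findings.push({
      client,
      tunnels: ordered.map(([name]) => name),
      maxLifetimeHours: Math.max(...ordered.map(([, s]) => (s.last - s.first) / HOUR_MS)),
    });
  }
  return findings;
}

// Constructed DNS query log: 10.0.0.5 rotates through three tunnels,
// 10.0.0.9 uses a single one (for example a developer preview link).
const SAMPLE_DNS_LOG = [
  '2018-09-10T00:05:00Z 10.0.0.5 aaa111.ngrok.io',
  '2018-09-10T06:05:00Z 10.0.0.5 aaa111.ngrok.io',
  '2018-09-10T09:00:00Z 10.0.0.9 demo42.ngrok.io',
  '2018-09-10T09:01:00Z 10.0.0.9 example.com',
  '2018-09-10T12:30:00Z 10.0.0.5 bbb222.ngrok.io',
  '2018-09-10T20:30:00Z 10.0.0.5 bbb222.ngrok.io',
  '2018-09-11T01:00:00Z 10.0.0.5 ccc333.ngrok.io',
  'malformed line',
];

console.log(ngrokRotation(SAMPLE_DNS_LOG));
```

On a server network where ngrok is not an approved tool, a lower threshold of one lookup is reasonable, since any ngrok.io resolution from a production host deserves a look.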

But that’s where the botnet’s creativity ends. Besides the nifty C&C trick, this particular botnet uses a somewhat simple make-up for its internal structure.

Hui says the botnet consists of four major components, all of which have self-explanatory names. The Scanner scans the Internet for applications vulnerable to known exploits; the Reporter takes care of client-server communications; the Loader downloads and infects a host; and the Miner is the actual app installed on the server that generates cryptocurrency for the botnet operator.

Currently, Hui says the botnet is targeting an assortment of web applications and CMSs, such as Drupal, ModX, Docker, Jenkins, Redis, and CouchDB.

There’s also a module to scan for local Ethereum wallets, but this is not active. On the other hand, a module that injects the Coinhive JavaScript library in all of the server’s JS files is active, meaning the botnet will also mine Monero inside the browsers of users visiting a site hosted on the infected servers.

This particular botnet is not extremely successful when compared to other botnets that have made millions of US dollars, and according to Hui, its operator made roughly 70 XMR coins, which is around $7,800. In terms of botnet operations, this is only pocket money.


Author: Catalin Cimpanu

Internet Cafes Hacked to Mine $800,000 Worth in Siacoin Crypto

A group of hackers has allegedly colluded with computer maintenance firms in China to hack into computers owned by internet cafes to mine cryptocurrency.




According to a local news report on Saturday, the police force in China’s Rui’An city in Zhejiang province arrested 16 suspects who allegedly profited 5 million yuan (or $800,000) by hacking more than 100,000 computers in internet cafes across 30 Chinese cities since July of last year.

The report said the hackers first developed malware that specifically mines the Siacoin cryptocurrency on an affected device.

Then they marketed it to computer maintenance firms, which allegedly helped to install the malware on computers in internet cafes while carrying out regular check-ups.

The profits made by mining and selling these Siacoins would then be split among the hackers and their alleged accomplices, the report said.

According to the report, the issue emerged in July 2017 when internet cafes in Rui’An – one after another – started to notice their computers had become extremely slow since the CPU usage rate was often at 70 percent even after a restart.


Notably, it was also at a time when the price of Siacoin jumped by 400 percent from $0.002 in May to over $0.01 in July, data from CoinMarketCap shows.

Meanwhile, the utility bills of affected internet cafes in Rui’An also went up significantly during that period, the report said. Subsequently the owners reported the case to the local police.

Since most internet cafes in Rui’An used the same computer maintenance firm (unnamed in the report) for regular check-ups, the police arrested the firm’s chief executive officer in August, who later revealed information about the hackers.

The report further said the investigation is still ongoing, since the infection is now widespread across more than 30 cities in China, with over 100 computer maintenance firms in the country allegedly involved.


Here at Dollar Destruction, we endeavour to bring to you the latest, most important news from around the globe. We scan the web looking for the most valuable content and dish it right up for you! The content of this article was provided by the source referenced. Dollar Destruction does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products or other materials on this page. As always, we encourage you to perform your own research!

Author: Wolfie Zhao

Hackers Target Infrastructure and Weak Security to Steal Cryptocurrencies

Carbon Black, a predictive cloud security service, recently published a report demonstrating that $1.1 billion worth of cryptocurrency thefts occurred in the last six months.




Security Experts Weigh in

Unfortunately, most of these thefts came from an attack on a cryptocurrency exchange or business. TechWire mentioned that hackers often hide malware on websites or weak infrastructure, especially on cryptocurrency exchanges with inadequate security.

According to the report, cryptocurrency exchanges were the most vulnerable target to hackers and represented 27 percent of cryptocurrency-related attacks, followed by businesses at 21 percent, users at 14 percent and government resources at seven percent.

Cryptocurrency exchanges ranked highest because malicious agents were able to leverage weaknesses in their security infrastructure and easily steal large amounts of data and drain victims’ wallets.

While the theft is in the billions, it does not come as much of a surprise considering Coincheck suffered a hack of over $500 million at the beginning of 2018. Just recently, South Korean cryptocurrency exchange Coinrail, while a significantly smaller exchange, also lost approximately $40 million in cryptocurrencies.

Instead of targeting the network, many hackers are taking advantage of lax security at exchanges. They deploy stealer malware and drain the exchange of vulnerable cryptocurrencies. Some hackers even leverage their access to data to carry out follow-up attacks on the users.

The report mentioned that “unfortunately, new investors and traders looking to jump on the crypto bandwagon will exacerbate the opportunity for exploitation. We expect to see cryptocurrency theft and illicit mining activity expand in the mid-to-long term as security mechanisms and user awareness slowly catch up to the evolving threat.”


Stealer Malware Popular among Cybercriminals

“It’s surprising just how easy it is without any tech skill to commit cybercrimes like ransomware,” said Rick McElroy, Carbon Black Security strategist.

“It’s not always these large nefarious groups, it’s in anybody’s hands.”

McElroy mentioned that malware purchases on the dark web often come with customer service. “You just have to be able to log in and be able to buy the thing – you can call customer support and they’ll give you tips,” he continued.

The malware costs on average $224; however, the security expert has seen some malware options as low as $1.04. The Carbon Black report stated that the available dark web marketplace, a marketplace that can only be accessed using specialized software, is currently a $6.7 million economy built from cryptocurrency-related malware development and sales.

While many thefts can come from huge crime groups targeting cryptocurrency exchanges and companies, McElroy stated that thefts can even emerge from an unemployed engineer who’s looking to make extra money on the side. “You have nations that are teaching coding, but there’s no jobs,” said McElroy. “It could just be two people in Romania needing to pay rent.”

As for the countries most vulnerable to cryptocurrency attacks, the US emerged first with 24 cryptocurrency attacks. China came in second with ten attacks, and the UK came in third with eight.


Author: Cindy Huynh

In 2018, $4,243.83 Of Cryptocurrency Is Stolen Per Second


$1.1 billion in cryptocurrency has been stolen this year, and it was apparently easy to do.




• $1.1 billion worth of cryptocurrency was stolen in the first half of 2018, and it’s relatively easy to do, according to cybersecurity company Carbon Black.

• “It’s surprising just how easy it is without any tech skill to commit cybercrimes like ransomware,” Carbon Black Security strategist Rick McElroy says.

• The necessary malware, which even occasionally comes with customer service, costs an average of $224 and can be as cheap as $1.04 on the “dark web.”

Roughly $1.1 billion worth of cryptocurrency was stolen in the first half of 2018, and unfortunately for owners, it’s pretty easy to do, according to cybersecurity company Carbon Black.

Criminals use what’s known as the dark web to facilitate large-scale cryptocurrency theft.

There are now an estimated 12,000 marketplaces and 34,000 offerings related to cryptotheft for hackers to choose from, the company said in a study released Thursday.

“It’s surprising just how easy it is without any tech skill to commit cybercrimes like ransomware,” Carbon Black Security strategist Rick McElroy told CNBC. “It’s not always these large nefarious groups, it’s in anybody’s hands.”

The necessary malware, which McElroy said even occasionally comes with customer service, costs an average of $224 and can be priced as low as $1.04. That marketplace has emerged as a $6.7 million economy, according to the study.

The dark web is a part of the World Wide Web accessible only through special software. It lets users remain anonymous and largely untraceable.

“You just have to be able to log in and be able to buy the thing — you can call customer support and they’ll give you tips,” McElroy said.

Thefts can come from organized cartels or crime groups extorting exchanges and companies. But it is often as simple as a highly trained but unemployed engineer looking to make extra cash.

“You have nations that are teaching coding, but there’s no jobs,” McElroy said. “It could just be two people in Romania needing to pay rent.”

As the price of bitcoin skyrocketed more than 1,300 percent last year, new buyers flooded the market. Unlike banks, cryptocurrency is typically not protected or insured by a third party, which first-time investors might not know.

“Usually we rely on banks, the tools are out there but investors need to know how to do this,” McElroy said. “A lot of people are unaware in this new gold rush, people are using cloud wallets and not securing their money.”


Exchanges were the most popular target for cybercriminals, making up 27 percent of attacks this year.

Tokyo-based Mt.Gox, the largest bitcoin exchange at the time, was the first high-profile hack in cryptocurrency history. It filed for bankruptcy in 2014 and said it lost 750,000 of its users’ bitcoins and 100,000 of the exchange’s own. This January, hackers stole $530 million worth of a lesser-known cryptocurrency called NEM from Japanese exchange Coincheck. In December, a South Korean cryptocurrency exchange called Youbit lost 17 percent of its digital assets and its parent Yapian later filed for bankruptcy.

Businesses were the second most vulnerable group, making up 21 percent of those hacked.

In many cases, criminals hack the internal system of these companies and demand cryptocurrency as a ransom. Carbon Black said it could not provide company names because some of the incidents were not public. In the U.S. companies don’t have to report a ransomware incident because it does not involve a loss of personal data.

Hackers often demand payment in cryptocurrency yet bitcoin does not seem to be the top choice. It accounted for only about 10 percent of the targeted cryptocurrencies, while ethereum made up 11 percent.

Criminals appear to prefer Monero. The lesser-known cryptocurrency was used in 44 percent of all attacks because of its privacy and its difficulty to trace compared with bitcoin, Carbon Black said. It also has relatively low transaction fees.

The United States was the most vulnerable country, with 24 crypto-related attacks. China was next with 10, and the U.K. came in third with eight.


Author: Kate Rooney

Monero Mining Malware Hits Apple Macs


A new Mac-based cryptojacking attack was reported this past week on Apple’s forums, forcing users to unwittingly run software that mines privacy coin monero.

According to a Malwarebytes Labs blog post, the software was discovered when a user noticed that a process called “mshelper” consumed suspiciously large amounts of CPU time. The user said that mshelper was constantly appearing in the CPU section of their Activity Monitor at high levels. They noticed this after installing BitDefender, which constantly relayed that mshelper was deleting it. This user tried using Malwarebytes, which proved unhelpful.

One reader suggested running Etrecheck, which immediately identified the malware and allowed the victim to remove it.


Malware Components Identified

Malwarebytes Labs said there were other suspicious processes installed, for which it was able to find file copies.

The “dropper” is the program that installs the malware. Mac malware is often installed by decoy documents that users mistakenly open, downloads from pirate sites, and fake Adobe Flash Player installers. The dropper for this cryptominer remained elusive, but Malwarebytes Labs believes it to be a simple piece of malware.

The researchers found the location of a launcher file called “pplauncher,” which is maintained by a launch daemon. This means the dropper likely had root privileges.

The pplauncher file was written in Golang for macOS, its purpose being to install and begin the miner process. Golang requires a certain amount of overhead that results in a binary file of more than 23,000 tasks. To use this for a simple purpose indicates the creator is not highly knowledgeable about Mac devices.

Modelled On A Legitimate Miner

The mshelper process gives the appearance of an older version of XMRig miner, a legitimate miner that can be deployed using Homebrew on Macs. Information from the current XMRig indicates it was built on May 7, 2018 with clang 9.0.0.

When the same information was sought from the mshelper process, it indicated it was built on March 26, 2018, also with clang 9.0.0.

Malwarebytes Labs concluded that mshelper is an older XMRig copy used to create the cryptocurrency for the benefit of the hacker. The pplauncher gives command line statements, including a parameter that specifies the user.

The researchers said that the mining malware is not dangerous unless the user’s Mac has damaged fans or clogged vents that can result in overheating.

The mshelper is a legitimate tool that someone is abusing, but it still needs to be removed, as well as all of the malware.

The new malware — now known as OSX.ppminer — falls in line with cryptominers such as Creative Update, CpuMeaner and Pwnet for macOS.


Author: Lester Coleman

A New Facebook Messenger Malware Is Targeting Crypto Users

A malicious Google Chrome extension known for its effectiveness has been revamped to target cryptocurrency exchanges, cybersecurity company Trend Micro reported this week.

Trend Micro said in a blog post that the capabilities of the malicious extension, dubbed FacexWorm, “were made over” to steal user credentials for Google, MyMonero, and Coinhive. It also promotes a scam that dupes users into sending ether to the attacker’s wallet and drains a computer’s processing power for clandestine cryptocurrency mining.

The extension also has the ability to hijack cryptocurrency transactions on a variety of major exchanges, including Poloniex, HitBTC, Bitfinex, Ethfinex and Binance, in addition to Blockchain’s (previously Blockchain.info) crypto wallet, according to Trend Micro.

First exposed in August 2017, the malware initially used Facebook Messenger to send malicious links that, when clicked on, provided the attacker with access to users’ Facebook accounts while also infecting their operating systems. FacexWorm resurfaced in early April of this year.

Trend Micro said it had discovered one affected bitcoin transaction, but it has not identified the value of the plunder garnered from the crypto mining.

The company reported that Chrome removed many of the FacexWorm extensions prior to Trend Micro’s discovery and that Facebook Messenger is also capable of detecting and blocking the insidious links the malware uses.

Chrome banned cryptocurrency mining extensions from its Web Store in early April.

Trend Micro advised users to “think before sharing, be more prudent against unsolicited or suspicious messages and enable tighter privacy settings for your social media accounts.”


Author: Annaliese Milano