#CyberSecurityPulse: Dude, Where Are My Bitcoins?

ElevenPaths, 20 February 2018

Cryptocurrency users face numerous kinds of attack: malware families that steal wallets, phishing campaigns that imitate the platforms where users manage their bitcoins, applications that quietly use the victim's CPU to mine... And those who prefer to hold their own money rather than delegate it to a third party also have to deal with the risk of losing their private keys or forgetting the password that protects the wallet.

If this has happened to you and the wallet was protected with a password, not everything is necessarily lost. John the Ripper, the password-cracking tool, ships with converter scripts for several wallet formats: bitcoin2john, blockchain2john, electrum2john, ethereum2john and multibit2john. First, pick the script that matches the wallet you use and run it against the wallet file; it extracts the encrypted material (salt, iteration count and encrypted key) into a hash line that John understands. Then save that output to a text file, launch John the Ripper with ./john and the file name (optionally with a wordlist), and finally, cross your fingers. Bear in mind that wallet key derivation is deliberately slow, so a long random password will not be recovered this way; this is only an option for passwords that are short or guessable.
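To show what happens after bitcoin2john has extracted the encrypted master key, salt and round count from a Bitcoin Core wallet.dat, here is an added example (written for this page, not code from John the Ripper or Bitcoin Core) that reimplements the check John's bitcoin format runs for every candidate passphrase: derive key and IV from the passphrase with iterated SHA-512 (the EVP_BytesToKey scheme Bitcoin Core uses), decrypt the 48-byte master key blob with AES-256-CBC, and accept the passphrase only if the PKCS#7 padding decrypts intact. The wallet values (salt, master key, round count and the wordlist) are constructed for the demo; a real wallet uses a much higher round count, which is exactly what makes cracking slow.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha512"
	"encoding/hex"
	"fmt"
)

// Sizes used by Bitcoin Core's wallet encryption (CCrypter).
const (
	keySize    = 32 // AES-256 key
	ivSize     = 16 // AES block / IV size
	masterSize = 32 // random master key that in turn encrypts the private keys
)

// deriveKeyIV reproduces the passphrase-to-key step of Bitcoin Core:
// SHA512(passphrase || salt), re-hashed rounds-1 times. The first 32 bytes
// of the result are the AES key, the next 16 the CBC IV.
func deriveKeyIV(passphrase string, salt []byte, rounds int) (key, iv []byte) {
	sum := sha512.Sum512(append([]byte(passphrase), salt...))
	for i := 1; i < rounds; i++ {
		sum = sha512.Sum512(sum[:])
	}
	return sum[:keySize], sum[keySize : keySize+ivSize]
}

// encryptMasterKey builds the encrypted master key blob a wallet.dat stores
// and bitcoin2john extracts: AES-256-CBC with PKCS#7 padding over the
// 32-byte master key, giving 48 bytes of ciphertext.
func encryptMasterKey(passphrase string, salt []byte, rounds int, masterKey []byte) ([]byte, error) {
	if len(masterKey) != masterSize {
		return nil, fmt.Errorf("master key must be %d bytes, got %d", masterSize, len(masterKey))
	}
	key, iv := deriveKeyIV(passphrase, salt, rounds)
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	// 32 bytes of data pad to a full extra block of 0x10 bytes.
	plain := append(append([]byte{}, masterKey...), bytes.Repeat([]byte{ivSize}, ivSize)...)
	out := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plain)
	return out, nil
}

// checkPassphrase is the per-candidate test: derive key/IV, decrypt, and
// accept only if the last block is the expected full block of PKCS#7 padding.
// A wrong passphrase yields pseudo-random bytes there, so it is rejected with
// overwhelming probability.
func checkPassphrase(passphrase string, salt []byte, rounds int, encMaster []byte) bool {
	if len(encMaster) != masterSize+ivSize {
		return false
	}
	key, iv := deriveKeyIV(passphrase, salt, rounds)
	block, err := aes.NewCipher(key)
	if err != nil {
		return false
	}
	plain := make([]byte, len(encMaster))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(plain, encMaster)
	return bytes.Equal(plain[masterSize:], bytes.Repeat([]byte{ivSize}, ivSize))
}

// crackWallet tries each wordlist entry in turn and returns the first one
// that unlocks the wallet, which is what ./john --wordlist does at scale.
func crackWallet(wordlist []string, salt []byte, rounds int, encMaster []byte) (string, bool) {
	for _, candidate := range wordlist {
		if checkPassphrase(candidate, salt, rounds, encMaster) {
			return candidate, true
		}
	}
	return "", false
}

func main() {
	// Constructed demo wallet: an 8-byte salt (Bitcoin Core's salt size), a
	// fixed master key and a deliberately low round count so the demo runs
	// instantly. Real wallets use tens of thousands of rounds or more.
	salt, _ := hex.DecodeString("0a1b2c3d4e5f6071")
	masterKey := bytes.Repeat([]byte{0xab}, masterSize)
	const rounds = 2000
	encMaster, err := encryptMasterKey("correct horse", salt, rounds, masterKey)
	if err != nil {
		panic(err)
	}
	wordlist := []string{"hunter2", "letmein", "password1", "correct horse"}
	if pw, ok := crackWallet(wordlist, salt, rounds, encMaster); ok {
		fmt.Printf("passphrase found: %q\n", pw)
	} else {
		fmt.Println("passphrase not in wordlist")
	}
}
```

The cost of each guess is `rounds` SHA-512 computations plus one AES decryption, and nothing about a wrong guess leaks which characters were right, so the only lever an attacker (or a forgetful owner) has is the size of the candidate list. That is why John's rules and wordlists matter far more than raw hashing speed here, and why a genuinely random passphrase stays out of reach.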

According to a study by The Genesis Block in 2016, 35% of the bitcoins in existence at that time had not moved in any transaction since 2011, and in the authors' view most of those coins are probably lost. Without a doubt, many would-be Bitcoin billionaires exist only on paper, having carelessly lost their money.

Top Stories

Water Utility in Europe Hit by Cryptocurrency Malware Mining Attack

Security firm Radiflow discovered cryptocurrency mining malware on the network of a water utility provider in Europe. The incident is the first publicly reported case of an unauthorized cryptocurrency miner affecting industrial control systems (ICS) or SCADA (supervisory control and data acquisition) servers. Kfir, Radiflow's CTO, explained that the investigation is still at an early stage, but that the company has so far determined the mining software had been on the water utility's network for approximately three weeks before it was detected.

More information at Eweek

Olympic Destroyer Takes Aim At Winter Olympics

On Sunday 11 February, Olympic Games officials confirmed that a cyberattack had occurred, but did not comment or speculate further. The samples identified, however, do not come from adversaries seeking information about the Games; they are built to disrupt them. The samples analysed appear to perform only destructive functions, with no sign of data exfiltration. The malware aims to render the machine unusable by deleting shadow copies and event logs, and it tries to use PsExec and WMI to move further through the environment.

More information at Talos Intelligence

Rest of the Week's News

Grammarly Patches Chrome Extension Bug That Exposed Users’ Docs

Grammarly has fixed a bug with its Chrome browser extension that exposed its authorization tokens to websites, allowing sites to assume the identity of a user and view their account’s documents. “I’m calling this a high severity bug, because it seems like a pretty severe violation of user expectations,” said Tavis Ormandy, a researcher at Google’s Project Zero, in a Feb. 2 forum post. “Users would not expect that visiting a website gives it permission to access documents or data they’ve typed into other websites.”

More information at Threat Post

Hackers Exploit Telegram Messenger Zero-Day Flaw to Spread Malware

A zero-day vulnerability was discovered in the desktop version of the Telegram messaging app that was being exploited in the wild to spread malware mining cryptocurrencies such as Monero and ZCash. The flaw has been actively exploited since at least March 2017 by attackers who tricked victims into downloading malicious software onto their PCs, which then either used the CPU to mine cryptocurrency or acted as a backdoor giving the attackers remote control of the affected machine.

More information at Securelist

Hackers Exploiting Bitmessage Zero-Day to Steal Bitcoin Wallet Keys

Bitmessage developers have warned of a critical ‘remotely executable’ zero-day vulnerability in the PyBitmessage application that was being exploited in the wild. According to Bitmessage developers, it affects PyBitmessage version 0.6.2 for Linux, Mac, and Windows and has been exploited against some of their users. “The exploit is triggered by a malicious message if you are the recipient (including joined chans). The attacker ran an automated script but also opened, or tried to open, a remote reverse shell,” Bitmessage core developer Peter Šurda explained in a Reddit thread.

More information at Bitmessage

Further Reading

An APFS Filesystem Flaw Could Lead to macOS Losing Data Under Certain Conditions

More information at Bombich Software

JenkinsMiner Made $3.4 Million in a Few Months by Compromising Jenkins Servers

More information at CheckPoint

Coinhoarder Criminal Gang Made an Estimated $50 Million With a Bitcoin Phishing Campaign

More information at Cyberpolice Ukraine
