Cryptocurrency Blog

  • Kaspersky Says Botnets Are Being Repurposed For Cryptojacking

    What exactly is Cryptojacking? Well it’s the act of hijacking a computer for the sole reason to mine cryptocurrency. The act is actually very profitable, despite illegal, and isn’t showing any signs of slowing down, says Kaspersky.

    Bitnets are increasingly being pointed towards illegal software in hopes to hijack unsuspecting users of pirated software. The number of unique users being attacked by cryptojacking has increased significantly over the 1st three months of 2018. How such software is attacking, normally is through pirated software or injected malware from the common mediums, which are designed to harness the machine’s processing power to mine cryptocurrencies.

    Leaving DDoS In Search Of Riches With CryptoJacking

    Botnets such as the yoyo botnet have had their DDoS activity drop dramatically, with no data about the botnet being dismantled, reducing the possible activities to cryptojacking or other unknown activities. Cryptojacking is more common to be found in countries where pirated software laws are more relaxed, allowing for more potential victims to be entered into the pool of potential botnet hashing power.

    US users were said to be the least affected, making up only 1.33% of the total cryptojacking attacks detected, followed by Switzerland and Britain. However countries with lax piracy laws, such as Kazkhstan, Vietnam and Indonesia topped the list of victims to cryptojacking

Malicious Code Was Injected Into BitPay’s CoPay Wallet By Fake Developer

The Copay wallet by BitPay has been compromised by a hacker, the firm reports. On Monday, BitPay announced that it learned from a GitHub report for Copay that 3rd party javascript libraries used by the apps had been modified to load malicious code.

The malware was only deployed on Copay versions 5.0.2 through 5.1.0 of it’s Copay and BitPay wallet apps, and could potentially be used to capture private wallet keys that can be used to steal or drain the wallets of cryptocurrency.

BitPay Stresses, Users Should Assume That Private Keys Were Affected And To Move Funds To New 5.2.0 Wallets

Since it doesn’t take long to steal the funds of an account, the longer the wait, the more likely it is to think that private keys can be seen and used. Users should 1st update their wallets and then send all funds to affected wallets to brand new wallets on the version 5.2.0 using the send max feature to send ALL FUNDS out of the affect wallet.

The supposed fake dev, goes by the name Right9ctrl and took maintenance of the NodeJS library from it’s author who no longer had time for the work. THe social engineering attack occurred about three months ago when Right9cntrl was granted access to the repository and at that time, the malware was injected.

This is a major reason why using 3rd party libraries isn’t a very smart thing to do, if you have to use libraries, make sure you have someone able to monitor such for these types of malicious attacks and NEVER COPY website LIBRARY REFERENCES, use your own!

Almost $1 Billion Stolen So Far This Year Via Cryptocurrency Hacks

It’s no surprise that the cryptocurrency industry is growing, and so is the total amount hackers are going home with. The total amount roughly $927 million has been moved from legit hands to less legit hands and many of these hacks were preventable. Just one of the altcoin hacks made up more than half of that total amount stolen this year, at a cool crisp $530 million, from the Japanese exchange coincheck.

The Roll Out Of Consistent Regulations

With the lack of cryptocurrency regulations across the board, the ability to launder and pass through exploits gave much of the chances needed to acquire the almost $1 Billion stolen.

Zaif a Japanese cryptocurrency exchange, is announcing a plan to compensate victims of a major hack last month, a result of new management of the exchange.

The future will not be safer for users of altcoins, but on a united front, will become more difficult to operate exploits within.

Beware of Cryptojacking

Yes, Cryptojacking, it’s a real thing, What is cryptojacking?

So basically, it’s when a browser, application, or other connected medium, is hijacked via a script in most cases and used to mine cryptocurrency and send to a desired wallet address. Often it targets poorly managed CMS websites, that almost never get updated, but often email phishing attacks and even social engineering attempts have been made to just get users to click a link and let the script take care of the rest.

Cryptocurrency Cryptojacking is a big deal in India and even has been worldwide with the latest issue from ” Coinhive Cryptojacking Script Issue ” it’s been a real problem.

Best thing you can do is to be vigilant, and knowledgeable, stay informed and educated about current threats an how to avoid them.

Remember if you want to avoid cryptojacking never:

  • Click on unknown links in emails
  • Use untrusted applications or broswer extensions
  • Forget to update Outdated web products like CMS ( wordpress, and applications)