Showing posts with label Crypto Currencies. Show all posts

Wednesday, 5 September 2018

MEGA Warns Against An Infected Chrome Extension That Steals Data



The popular cloud storage service MEGA has warned users of an infected version of its own Chrome extension that was distributed through the official download channel and tried to steal all kinds of user data. According to MEGA, the cloud storage service of internet entrepreneur Kim Dotcom, an attacker has gained access to the official Chrome Web Store account of the company.

Then an infected version of the MEGA Chrome extension was placed in the Web Store and automatically offered to existing users. This version required permission to read data on all websites. As soon as users granted this permission, the extension tried to steal private keys for cryptocurrency wallets and user names and passwords for Amazon, GitHub, Google and Microsoft accounts.

After five hours, the infected Chrome extension was removed from the Chrome Web Store by Google. MEGA states that it has initiated an investigation to find out how the Web Store account could be taken over. The cloud storage service also criticizes Google because it does not allow developers to sign their Chrome extensions. The extensions are now automatically signed after being uploaded to the Chrome Web Store. According to MEGA, this removes an important safeguard against attackers.

Before MEGA issued the warning, Jeremy Nation of MetaCert had already published an analysis of the infected extension. It is not the first time that attackers have gained access to the Web Store account of an extension developer and then distributed an infected update or version. At the end of last year, eight Chrome extensions were discovered that had been hacked, with adware installed for their 4.6 million users. The attackers had been able to obtain the login data for the Web Store through phishing attacks.

Thursday, 15 March 2018

Microsoft: Shift From Ransomware To Cryptominers



Millions of computers have come into contact with cryptominers in recent months, while the number of cases of ransomware has declined, Microsoft said today. From September last year to January of this year, an average of 644,000 unique Windows computers per month were detected encountering a cryptominer.

This involves malware that can be installed on the computer in various ways and makes the system mine cryptocurrency. While there is a clear increase in the number of cryptominers, the number of computers encountering ransomware is decreasing. A possible reason is that cryptominers are now also distributed via exploit kits, as well as via malicious e-mail attachments.


"It is unlikely that cyber criminals will completely abandon ransomware in the short term, but the increase in trojanised cryptominers shows that attackers are exploring the possibilities of illegally earning money with this newer method," said Eric Avena of Microsoft. Because cyber criminals now increasingly opt for cryptominers, this malware will also adopt the behavior of already known threats, according to Avena. As an example, he points to NeksMiner, which places a copy of itself in shared network folders and on USB sticks to propagate further, like all kinds of other malware.

Wednesday, 28 February 2018

Coinhive Code Injected On LA Times Website


The website of the American newspaper the LA Times has unknowingly been running Coinhive code that mines Monero. The code had been on an interactive map of the newspaper about murders in cities since at least 9 February, researchers from Bad Packets Report have discovered. The code kept CPU usage just below 30 percent in order to remain unnoticed, writes John Dunn of security company Sophos.

The code was injected via a poorly secured Amazon AWS S3 bucket. This S3 bucket offered visitors write permissions. The researchers also found a message suggesting that someone else had had access, in addition to the Bad Packets Report researchers and the cryptojackers themselves. The message was as follows:

Hello, this is a friendly warning that your Amazon AWS S3 bucket settings are wrong.
Anyone can write to this bucket. Please fix this before a bad guy finds it.

After the researchers informed the newspaper about the incident, the code was cleaned up and the cloud environment was better secured. Coinhive has also terminated the account that was linked to the code. The researchers suspect that approximately 24 dollars' worth of cryptocurrency was generated.
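
The misconfiguration described above can be caught in a routine audit. The following is an added example, not part of the original post: it flags S3 ACL grants and bucket policy statements that give the public write access. The function and sample names are hypothetical, and the sample ACL and policy are constructed.

```python
from fnmatch import fnmatchcase

# Predefined S3 grantee groups that make an ACL grant effectively public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}
# ACL permissions that allow changing bucket contents or the ACL itself.
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
# Policy actions (lowercased) that allow altering what the bucket serves.
WRITE_ACTIONS = ["s3:putobject", "s3:putobjectacl", "s3:deleteobject"]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def public_write_findings(acl, policy=None):
    """Return findings for public write access in a bucket ACL and policy."""
    findings = []
    for grant in acl.get("Grants", []):
        who = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if who and grant.get("Permission") in WRITE_PERMS:
            findings.append(f"ACL grants {grant['Permission']} to {who}")
    for stmt in _as_list((policy or {}).get("Statement", [])):
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        if stmt.get("Effect") != "Allow" or "*" not in _as_list(principal):
            continue
        # Action entries may contain wildcards such as "s3:Put*" or "*".
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        hit = [w for w in WRITE_ACTIONS if any(fnmatchcase(w, p) for p in patterns)]
        if hit:
            note = " (conditional, review manually)" if "Condition" in stmt else ""
            findings.append(f"policy allows {', '.join(hit)} to anyone{note}")
    return findings


# Constructed samples: SAMPLE_ACL has the shape of `aws s3api get-bucket-acl`
# output; SAMPLE_POLICY is a decoded policy document for a placeholder bucket.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"},
]}
SAMPLE_POLICY = {"Statement": [{"Effect": "Allow", "Principal": "*",
                                "Action": "s3:Put*", "Resource": "arn:aws:s3:::example-bucket/*"}]}

if __name__ == "__main__":
    for finding in public_write_findings(SAMPLE_ACL, SAMPLE_POLICY):
        print(finding)
```

An empty result does not prove that a bucket is private; it only means that none of these specific public-write patterns were found.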