While the cryptocurrency mania that drove Bitcoin’s price to $20,000 may have eased, the threat posed by the most experienced cybercriminals hasn’t disappeared.
In fact, prominent information security firm Kaspersky Labs has detailed how some of the internet’s most well-known malware has evolved to better target cryptocurrency users and services.
Kaspersky’s researchers identified five threats to cryptocurrency users, as hackers rush to exploit those who are still learning to navigate the new digital asset economy.
1. Trojan horses
This quarter saw the notorious Trojan Rakhni morph to more efficiently steal cryptocurrency. When Rakhni was found back in 2013, it was purely focused on encrypting devices and holding data to ransom.
Kaspersky Labs notes that new versions of Rakhni have been found in the last three months. The new ones start by checking to see if there are Bitcoin-related folders stored on the target computer. If it finds a match, it will encrypt the device and demand a ransom.
If none exist, Rakhni installs malware that steals computing power to generate cryptocurrency before attempting to spread across the rest of the computers in the network.
Last week, Hard Fork reported that the Swiss ranked two similarly-evolved Trojan horses as some of the most widespread malware infesting Switzerland’s internet.
2. Social engineering and phishing
Cybercriminals have also ramped up their focus on social engineering to exploit newcomers to cryptocurrency. Traditional techniques like phishing and fraudulent websites are still on the rise.
In the first half of 2018, Kaspersky recorded 100,000 attempts to redirect unsuspecting people to fake pages that mimic the authorization pages of popular cryptocurrency exchanges like Binance, Kraken, and Bittrex.
The quarterly analysis also reveals that attackers are luring victims into divulging sensitive information by tricking them into a formal identification process after they register with the fake cryptocurrency services.
“Scammers also try to use the speculation around cryptocurrencies to trick people who don’t have a wallet: they lure them to fake crypto wallet sites, promising registration bonuses, including cryptocurrency,” Kaspersky warns. “In some cases, they harvest personal data and redirect the victim to a legitimate site. In others, they open a real wallet for the victim, which is compromised from the outset.”
3. Cryptocurrency mining botnets
‘Botnets’ are networks of malware-infected computers that can be controlled remotely. Usually, botnets are used to distribute malware via spam or to perform crippling Distributed Denial-of-Service (DDoS) attacks.
Over the past three months, that’s changed. Kaspersky claims cybercriminals are starting to view botnets primarily as tools for cryptocurrency mining.
The researchers found that the number of botnets spreading cryptocurrency mining malware increased this year. Instances of malware being downloaded via special virus-loaders called ‘droppers’ also increased. Droppers are typically distributed by machines controlled by a botnet.
“[This reflects] the fact that attacks are multi-stage and growing in complexity,” Kaspersky explains. “[But i]ncreasingly, botnets are leased according to the needs of the customer, so in many cases it is difficult to pinpoint the ‘specialization’ of the botnet.”
Overall, this shift has led to Kaspersky Labs recording over 2.7 million instances of people coming into contact with cryptocurrency malware since 2017.
4. Sextortion
The Bitcoin ‘sextortion’ email was one of the most common scams of this quarter.
Those behind the scam attempted to garner credibility by using stolen passwords to create the illusion that the victim’s computer had been compromised, and the attacker had recorded a video of them enjoying some pornography.
The fraudsters then threaten to send a copy of the video to all of the victim’s contacts unless they pay a four-figure Bitcoin ransom within a day.
“The scammer includes a legitimate password in the message, in a bid to convince the victim that they have indeed been compromised,” Kaspersky explains. “It seems that the passwords used are real, although in some cases at least they are very old. The passwords were probably obtained in an underground market and came from an earlier data breach.”
5. Malware on Mac OS
Despite the numerous threats analyzed by Kaspersky Labs over the year, the state-sponsored hacking crew Lazarus remains the primary driving force behind attacks on businesses and financial operators within the cryptocurrency sector.
Hard Fork previously reported Lazarus had successfully infiltrated popular cryptocurrency exchanges, fintech companies, and even banks, by tricking employees into downloading a Trojanized (and fake) cryptocurrency trading application.
Kaspersky Labs warns the group’s success will lead it to build new malware specifically for Linux operating systems, considering this is the first instance of Lazarus using malware specifically designed for Mac OS.
“It would seem that in the chase after advanced users, software developers from supply chains and some high-profile targets, threat actors are forced to develop Mac OS malware tools,” Kaspersky researchers noted. “The fact that the Lazarus group has expanded its list of targeted operating systems should be a wake-up call for users of non-Windows platforms.”
Lazarus is no joke. A few months ago, the group was found to be the most powerful cryptocurrency hackers in the world, having earned a whopping $571 million in ill-gotten cryptocurrency since last year.
Forbes wants to fix journalism with blockchain, but journalists are skeptical
Publishing giant Forbes is joining a blockchain-based journalism network to begin experimenting with publishing its content using decentralized tech.
In an announcement yesterday, Forbes revealed it has teamed up with blockchain-powered journalism platform, Civil, in an effort to gain more trust with readers. As part of the collaboration, Forbes will also publish content on the blockchain.
But you might have to wait to read one of Forbes’ “decentralized” articles. Forbes says it will start uploading content to the blockchain next year.
For starters, the company will store articles’ metadata on Civil. The metadata includes all of the information of an article that isn’t the article itself. Basically, any information like authors, publications, time of publishing, and so on.
According to Civil, all data Forbes uploads will be immutable – since it will reside on the blockchain. As such, all such articles will be marked with a “Civil Badge.”
Fingers crossed no one starts fraudulently copying this badge, and claiming false integrity.
Some remain skeptical of whether publishing metadata to Civil’s blockchain will deliver on its promise of greater journalistic integrity.
For the record, Forbes is not the only publication to have expressed interest in trialing blockchain tech. The Associated Press (AP) also recently announced plans to work with Civil.
Yet, despite interest from the industry, media insiders remain skeptical that Civil’s use of blockchain will be enough to fix the medium.
For one, blockchains tend to have limited capacity when it comes to storing content. It is also not clear precisely how decentralized Civil’s platform is. Another concern is that Civil has its own native token, which might create some ethical concerns – depending on Civil’s tokenomics model.
So, while the announcement might seem like an optimistic development, there are tons of hurdles Forbes and Civil need to work out to make this experiment a success.
Watch out: Calìbra.com isn’t the same as Facebook’s Calibra.com
Headlines have been saturated with news of Facebook‘s new “cryptocurrency,” called Libra, over the past week. Well, some opportunistic scammers are taking advantage of the interest and trying to con people with a fake Libra token pre-sale.
Over the weekend, a fake website surfaced that, on first look, is the same as Facebook’s legitimate Calibra.com website. On closer inspection though, it becomes fairly obvious that the fake website, Calìbra.com, isn’t associated with the digital asset or the social media giant.
The fake website is exploiting a strategy that uses unicode characters that look similar to regular characters to trick people into thinking the URL is correct. Scammers will usually embed this fake URL into hyperlinks to further obscure its true nature.
In this case, scammers are using unicode character U+00EC, otherwise known as “Latin small letter I with grave,” to change Calibra to Calìbra. Visually, a very minor difference. (When I first saw it, I thought there was some dust on my screen.)
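One defender-side check for the lookalike technique described above, as an added example that is not part of the article: it strips diacritics from a candidate domain and compares the result with a trusted list, lists every non-ASCII code point (so U+00EC is called out by name), and shows the punycode form that a browser or resolver actually uses. The sample domains and the trusted list are constructed for the example.

```python
import unicodedata

# Constructed sample links, as they might appear in a phishing-triage queue.
# The second entry carries U+00EC (LATIN SMALL LETTER I WITH GRAVE), the
# character the article describes; the first is the legitimate domain.
SAMPLE_DOMAINS = ["calibra.com", "cal\u00ecbra.com"]

# Constructed allow-list of brands the triage team cares about.
TRUSTED_DOMAINS = {"calibra.com"}


def idna_form(domain: str) -> str:
    """ASCII (punycode) form of the domain, the name a resolver actually sees.
    A label with non-ASCII characters gains an 'xn--' prefix."""
    return domain.encode("idna").decode("ascii")


def non_ascii_chars(domain: str):
    """(char, code point, Unicode name) for every non-ASCII character."""
    return [(c, f"U+{ord(c):04X}", unicodedata.name(c, "UNKNOWN"))
            for c in domain if ord(c) > 0x7F]


def ascii_skeleton(domain: str) -> str:
    """Decompose (NFKD) and drop combining marks: 'calìbra' -> 'calibra'."""
    decomposed = unicodedata.normalize("NFKD", domain)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def check_lookalike(domain: str, trusted: set) -> dict:
    """Flag a domain whose diacritic-stripped skeleton matches a trusted
    domain while its real form does not (the Calìbra pattern)."""
    d = domain.lower()
    skeleton = ascii_skeleton(d)
    lookalike = skeleton if (skeleton in trusted and skeleton != d) else None
    return {
        "input": d,
        "idna": idna_form(d),
        "non_ascii": non_ascii_chars(d),
        "lookalike_of": lookalike,
    }


if __name__ == "__main__":
    for dom in SAMPLE_DOMAINS:
        print(check_lookalike(dom, TRUSTED_DOMAINS))
```

Skeleton matching only catches diacritic tricks; confusables from other scripts (Cyrillic or Greek letters, for example) need a confusables table or a mixed-script check on top of this.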
Both websites have the same marketing materials, wording, and slogans, except in the top right corner, the fake website is promoting a “Pre-Sale Libra Currency” button.
Clicking the button takes users to another website which claims to offer a 25-percent pre-sale bonus.
It’s offering 600 LBR (Libra) in exchange for 2 Ethereum, or 8,000 LBR for 20 Ethereum. While there’s a bit of variance, it seems scammers are staying true to the promise of 1 Libra being worth 1 US dollar.
It’s unclear if anyone has been caught short by this scam, yet.
A quick whois look-up on the domain name further confirms that this is probably not connected to the “Big F.” In fact, the URL’s IP address is located in Moscow, and last time I checked, Facebook and Russia don’t always play nice.
Anyone following Libra will know Facebook is way off selling its digital coin to the broader public yet, so this fakery should be fairly obvious. Hard Fork has reached out to Facebook to see if they are aware of the fake website; we’ll update this piece if we learn more.
Facebook’s digital asset will have more than one token: there’ll be the publicly used Libra, and a second Libra Investment Token (LIT) that will be available to members of the Libra Association.
At the time of writing, there has been no news of Facebook offering either of these tokens for sale.
Nice try hackers, but I reckon most people will spot this one. I certainly hope they do.