Cryptocurrency-hijacking malware ‘Clipper’ discovered on Google’s Play Store

Google Play has once again caused security concerns in the cryptocurrency community, with the discovery of malware named “Clipper” making the rounds on the application store.
“Clipper” was first seen in an impersonation of MetaMask, a browser extension that allows a web browser to run Ethereum applications without a full node. The malware monitors the clipboard on the affected system and checks its contents for the alphanumeric string of a user’s cryptocurrency address. Since addresses are quite complicated, many users copy and paste them rather than typing them, and that habit is what the malware targets.
Once an address is identified on the device’s clipboard, the hacker’s code replaces the original address with the hacker’s own. If the swap is not detected, the cryptocurrency in that transaction will flow to the hacker’s account.
Clipper was the first known malware application of this sort to breach Google’s robust verification procedure; the application was eventually picked up by Eset, a cybersecurity company.
Since cryptocurrencies are dependent on technology and large-scale investment, they have been the easiest target for malicious actors, who create phony software that can circumvent the security systems on a user’s computer and steal cryptocurrencies right off the device.
Moreover, instead of stealing the actual cryptocurrency, malicious software has been created to steal computational power from a device, allowing third parties to use the device to mine cryptocurrencies, a process called “crypto-jacking”.
Popular websites like the file-sharing giant, The Pirate Bay, used the web browser miner called CoinHive to ‘crypto-jack’ their customers’ home devices. Some users felt cheated about the mining scam, others were compliant if they received a service and were informed about the same by The Pirate Bay, right at the outset.
A recent report by the Moscow-based computer security software maker Kaspersky Labs stated that crypto-jacking incidents increased by 400 percent over the whole of 2018. The study noted that the total number of reported cases has shot up to 13 million in 2018, an increase of 400 percent against the 3.5 million cases recorded in 2017.
The Bitcoin mining device manufacturer Bitmain was also accused of creating devices that would mine cryptocurrencies on behalf of the company and not the intended user. A miner based in California even filed a class-action lawsuit against the manufacturer, accusing the company of using its ASIC devices to defraud customers. The lawsuit was filed by Gor Gevorkyan, an owner of an Antminer 9, who stated that the default setting on the device contributes to Bitmain’s own account on its Antpool server.
Another report from the security firm Symantec stated that based on data of December 2017, 24 percent of all web attacks emanate from Coinminers and over the last three months of 2017 alone, the figure was 16 percent. The report added:
“There were twice as many detections of coinminers on consumer machines than enterprise in December, when browser-based coinminers surged, indicating that coinminers are affecting consumers more than enterprise users.”
The post Cryptocurrency-hijacking malware ‘Clipper’ discovered on Google’s Play Store appeared first on AMBCrypto.

Cryptocurrency Scam Alert: Mac Exchange Users Targeted

A cyber security firm claims to have identified a piece of malware designed to beat the two-factor authentication commonly used to help protect various online accounts. The software steals credentials, including browser cookies, to allow access to cryptocurrency exchange accounts. CookieMiner, as the malware is known, targets exclusively Mac users owing to the cross-device functionality of Apple’s products.
In addition to stealing login details and creatively subverting security precautions, the CookieMiner malware also uses the victim’s machine to covertly mine an obscure digital asset called Koto.
Mac Users Beware: CookieMiner Malware Puts Cryptocurrency Traders at Risk
According to research conducted by Palo Alto Networks, a new piece of malware is targeting Mac users. The cyber security firm has nicknamed the attack “CookieMiner” because the software steals cookies from a victim’s infected machine, along with covertly mining cryptocurrency to enrich those behind the scam, a practice known as cryptojacking.
Since cryptocurrency exchanges use multiple layers of security precautions, a series of different steps are taken to gain access to accounts:

Google Chrome and Apple Safari cookies are stolen.
Saved usernames and credit card information from Chrome are stolen.
Text messages backed up to Mac are stolen from victims’ iPhone.
Browser cookies are stolen to defeat login anomaly detection.

CookieMiner’s primary purpose is to gain access to Mac users’ accounts at popular digital currency exchanges. However, since exchanges make use of heightened security procedures when users log in, credentials alone are not usually enough to compromise an account. That is why CookieMiner also attempts to trick the exchanges’ automated account protection procedures by stealing browser cookies. These are used to ensure that the device used to sign in is not flagged as suspicious, even though the account’s owner will never have used that device before.
Cyber criminals are getting increasingly creative when it comes to stealing cryptocurrency.
With this combination of login credentials and cookies, attackers can often bypass the two-factor authentication process protecting accounts. This gives them full access to any cryptocurrency the victim has stored at the compromised exchange account.
CookieMiner Also Mines Cryptocurrency on Behalf of its Victims
Since the malware provides no guarantees of revenue for those behind it, CookieMiner also installs mining software on the infected machine. Palo Alto Networks claims that the program is made to look like a piece of Monero-mining software. However, instead of mining the most frequently cryptojacked asset, it sets the Mac user’s machine to mining Koto, another privacy-focused cryptocurrency associated with Japan that can be mined using just a CPU.
Of course, this is hardly the first example of cryptojacking NewsBTC has reported on. Previous examples have included efforts by North Korean hackers to earn revenue outside of typical international trade, which the rogue nation is largely excluded from. There is, however, no evidence as of yet to suggest that the CookieMiner attack is related to these past examples.
The post Cryptocurrency Scam Alert: Mac Exchange Users Targeted appeared first on NewsBTC.

Tools of the Trade: Monero and Privacy Coins Are Creating More Efficient Criminals

As if the cryptocurrency space wasn’t controversial enough, the emergence of privacy-focused coins such as Monero allows an end user to cloak their identity, making the currency an ideal choice for cyber criminals.
In Japan, the Financial Services Agency has banned any exchanges from listing such coins, and privacy coins in general are commonly at the forefront of regulatory discussion, primarily centered around their potential contributions to international money laundering.
Monero has already earned the crown for being the cryptocurrency most frequently involved in cryptojacking cases, and now, a new report out of Norway could bring to light additional fears around Monero’s privacy-related functions.
Wife of Norway’s Richest Man Held For $10M Monero Ransom
Multi-millionaire real estate investor Tom Hagen is listed among Norway’s richest men. However, his wealth has unfortunately made him and his family a target for cyber criminals.
Local Norwegian media outlet VG reports that Hagen’s wife, Anne-Elisabeth Falkevik Hagen, age 68, is suspected to have been kidnapped by a group of criminals who are demanding a $10.3 million ransom for her safe return. The criminals are requesting the ransom only be paid in Monero, likely as a way to hide any trace of their operation so they can get away with the crime unscathed.
Hagen’s wife disappeared suddenly from the family’s Lørenskog home on October 31st, and hasn’t been seen since. Police say they’ve been on the case for “several weeks,” but “have no suspects” in the case. The criminals only communicate over the internet, and have shown no evidence of Falkevik Hagen’s well being.
A note was discovered in the Hagen family’s household claiming that Falkevik Hagen would be killed if authorities became involved or if the Monero ransom wasn’t paid. Chief investigator Tommy Broeske, however, decided to “go public,” because they “need more information” to help track down the criminals and bring Falkevik Hagen home safely.
Monero’s Privacy Features Leave Investigators With No Trail to Follow
The case may not be as difficult for the authorities involved if it weren’t for Monero. Monero uses an obfuscated blockchain that prevents outside observers from determining the source, destination, or even the amount being sent in a transaction.
As a result, investigators on the case are still left with “no suspects,” despite having assistance from Interpol and Europol and having Hagen’s wealth behind them.
Monero is quickly becoming the cryptocurrency of choice for cyber criminals. Santa Clara-based network and enterprise security company Palo Alto Networks released a report last year that suggested that roughly 5% of all Monero in circulation was mined as a result of malicious cryptojacking software, and that as much as 2% of Monero’s hashpower is derived from cryptojacking scripts.
A branch of the United States Department of Homeland Security had already set its sights on Monero and the privacy coins, and may be working to develop tools to trace transactions on the blockchains of privacy coins. Should additional cases arise with such high profile individuals, privacy coins will eventually gain more notoriety and may eventually become banned elsewhere across the globe.
The post Tools of the Trade: Monero and Privacy Coins Are Creating More Efficient Criminals appeared first on NewsBTC.

South Korea Points to North Korea as Cryptojacking Culprit

South Korean intelligence officials are pointing toward North Korea as being the responsible party behind a string of cryptojacking cases across the country.
North Korea Continues to Mine for Crypto on South Korean Computers
According to a new intelligence gathering report, prompted by an upcoming visit to North Korea’s nuclear test site by international inspectors, a government-mandated audit conducted by South Korea’s National Intelligence Service (NIS) has revealed that North Korean hackers are continuing to mine for cryptocurrencies using hacked computers across South Korea.
The NIS believes that North Korea is cryptojacking unsuspecting users’ computers as a means to generate cash flow into the economically-challenged country, and is continuing to use malware discovered earlier this year.
Back in January, cybersecurity firm AlienVault identified a malware application tied to North Korea that was being used to hijack computers and use them to mine for cryptocurrency.
The malware found mines for Monero (XMR), a privacy-focused cryptocurrency often at the center of most cryptojacking cases, before sending it to a server at Kim Il Sung University located in Pyongyang, North Korea. Similar efforts from North Korea are continuing on their neighboring country’s computers, causing government officials to become concerned.
North Korea’s Growing Interest in Crypto Continues
North Korea’s interest in cryptocurrencies doesn’t stop with cryptojacking. The rogue nation is also said to be responsible for a pair of cryptocurrency investment scams, to have begun using cryptocurrencies to avoid United States-led economic sanctions, and may even be developing a cryptocurrency of its own.
Last week, a report emerged from research firm Recorded Future that dove into the internet-browsing habits of select North Korean government officials.
The research found that North Korea was the likely party responsible for two cryptocurrency scams: a proof-of-stake coin called “hold” and a fraudulent ICO called Marine Chain. Both investment vehicles were used to scam investors out of their hard earned cash.
North Korea also joins Iran and Russia in considering using cryptocurrencies to avoid economic sanctions imposed by the Trump administration. Independent financial analysts Lourdes Miranda and Ross Delston revealed in an interview that North Korea is using “multiple international exchangers, mixing and shifting services” to mirror the money laundering cycle using crypto.
In addition, the duo believes that North Korea could be following Iran’s lead in developing its own national cryptocurrency to further its efforts in evading sanctions. The country would then use the cryptocurrency anonymously under the “guise of a non-adversarial nation” in an attempt to cover their tracks and conceal the origin of the funds.
The post South Korea Points to North Korea as Cryptojacking Culprit appeared first on NewsBTC.

Checking Crypto Prices on Your Mac? Watch Out for Malware

A popular cryptocurrency price ticker available to download for Apple’s Mac computer lineup includes malware that could expose investors to cyber criminals seeking to steal a user’s cryptocurrency holdings.
CoinTicker Mac App Leaves Investors Exposed to Malware
Cyber security firm Malwarebytes Labs, best known for their antivirus and malware monitoring and removal software, has posted a public service announcement on their official blog, warning Mac users of a cryptocurrency price ticker app available to download on the Apple App Store for Mac that leaves users exposed to two potential backdoors for cyber criminals to access.
The app, called CoinTicker, adds a handy price ticker in the status bar at the top of a Mac user’s screen, alongside important information such as the time, date, and wifi connection. The app can be set to show real-time price data for Bitcoin (BTC) and dozens of other altcoins such as Basic Attention Token (BAT) and Monero (XMR), pulled directly from popular exchanges like Bitfinex, Binance, and many more.
Malwarebytes Labs reports that a forum user discovered that, after it is installed, CoinTicker installs two open-source backdoors by the name of EvilOSX – in reference to Mac OSX – and EggShell. The two “broad-spectrum backdoors” aren’t malicious on their own, but Malwarebytes Labs believes the access would be used to steal a user’s crypto assets.

“Since the malware is distributed through a cryptocurrency app, however, it seems likely that the malware is meant to gain access to users’ cryptocurrency wallets for the purpose of stealing coins,” the company speculated.

While Apple is known to have a strict process for vetting apps, CoinTicker is currently ranked 100th in Apple’s App Store list of finance-related apps and is putting Apple customers who invest in cryptocurrencies at a significant risk. The oft cited claim from Apple aficionados that their machines are immune to malware is weakening by the day. 
How to Protect Yourself From Crypto-Malware
Cryptocurrency investors are already dealing with enough challenges, including a sometimes difficult-to-understand emerging technology, market uncertainty, and more. But among the most important issues for crypto investors to look out for are those related to malware and personal security.
There are two primary types of cryptocurrency malware users should be aware of: crypto-jacking malware used to mine for cryptocurrencies, and malware geared toward stealing a user’s cryptocurrencies. While crypto-jacking still poses a threat to users, it doesn’t put a user’s assets at risk. It instead hijacks computer resources to mine for cryptocurrencies, and can cause issues like computer slowdown, or cause programs to crash while the malware operates in the background, none of which is a serious threat.
However, it’s the crypto-stealing malware that either steals sensitive user data such as logins and passwords, or replaces crypto wallet addresses copied to a computer’s clipboard with a cyber criminal’s address, that investors need to be extra wary about.
Crypto investors are encouraged to do their own research into crypto-related security measures. However, a few simple steps can go a long way in keeping crypto assets safe:

Only download apps, add-ons, or plug-ins from a trusted third-party.
Ensure all system software and apps, add-ons, and plug-ins are updated regularly.
Look out for any unusual computer slowdown after downloading a new program.
Double- and triple-check crypto wallet addresses before sending.
Regularly scan your computer using a reputable malware removal tool, such as the one provided by Malwarebytes Labs.
Last but not least, never, ever disclose your crypto holdings publicly – it could make you a target.

The post Checking Crypto Prices on Your Mac? Watch Out for Malware appeared first on NewsBTC.

Monero Volunteers Fight Back Against PC Mining Hijackers

The Monero (XMR) community has launched the Malware Response Workgroup website, which aims to inform people about the dangers of cryptocurrency mining malware, as well as best practices to remove such scripts and avoid the growing scam in the first place. The group of volunteers will publish information that will help users avoid crypto-jacking, and will also provide live support.
“We will not be able to eliminate malicious mining, but we hope to provide necessary education for people to better understand Monero, what mining is, and how to remove malware,” according to Sept.
Continue reading Monero Volunteers Fight Back Against PC Mining Hijackers at Crypto Daily™.

Hackers Find Goldmine by Cryptojacking Indian Government Websites

As the Indian government further complicates their stance on whether or not citizens should be allowed to trade and own cryptocurrencies, hackers have found a way to exploit government websites in order to make a fortune in cryptocurrency through a popular hack called cryptojacking.
A team of security researchers has found that multiple government-owned websites are being exploited to secretly mine cryptocurrency from unsuspecting computers. These include the director of municipal administration’s website and Tirupati Municipal Corporation’s site, among hundreds of others.
Cryptojacking has become an increasingly popular way for hackers to acquire cryptocurrency by using the computing power of unsuspecting site visitors to mine various cryptos. By using malicious code embedded in the links to websites, hackers can infect a computer in order to utilize the maximum computing power of the infected computer.
Security researcher, Indrajeet Bhuyan, spoke about the prevalence of this code on Indian government websites, saying that:
“Hackers target government websites for mining cryptocurrency because those websites get high traffic and mostly people trust them. Now, injecting cryptojackers is more fashionable as the hacker can make money.”
Report Comes Amidst Increasing Popularity of Cryptojacking  
Last month, a report from U.S.-based security firm, Palo Alto Networks, confirmed that cryptojacking’s popularity is surging, coinciding with the increase in cryptocurrency’s popularity. The popularity of these attacks stems from the discreetness of the malicious code, as well as the supposed “victimless” nature of the crime.
Although the hacks may initially seem to be harmless, they can pose significant threats to the well-being of infected computers. A report by Russian security firm Kaspersky Labs found that unwarranted cryptocurrency mining can damage the internals and externals of a computer, especially laptops.
The report found that after two days of heavily mining Monero on an unsuspecting computer, the infected device showed physical signs of damage, including a deformed laptop shell due to an expanding battery.
The researcher conducting the research at Palo Alto Networks said that Monero (XMR) is the most popular cryptocurrency mined by cryptojackers, due to its anonymity features. The report notes that:
“By querying the mining pools themselves, instead of the blockchain, we’re able to say exactly how much has been mined without the fear of the data being polluted by payments to those wallets via other sources.”
The report concludes that at the time the research was conducted, a total of 798,613.33 Monero were illicitly mined by cryptojackers. That number has increased significantly in the time since the research was conducted.
The research by Indian cybersecurity companies coincides with this report, finding that many of the government sites, including the official website of Union Minister Ravi Shankar Prasad, were infected by the malicious code, which was using computers to mine Monero.
The report notes that “A small chunk of the code installed on a website uses the computing power of any browser that visits the site to mine bits of the Monero cryptocurrency.”
Hackers are increasing their savviness and using new hacking methods in order to increase their profitability while still maintaining discreetness so as not to get caught by authorities.
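For site operators, the "small chunk of code installed on a website" described above can be caught by auditing the script tags a page actually serves. The following is an added example, not code from the article or from any of the firms it cites; the host names, the allowlist and the sample page are constructed, and the single keyword comes from CoinHive, the browser miner named earlier in this collection.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site's owner expects to serve scripts (constructed).
ALLOWED_SCRIPT_HOSTS = {"www.example.gov.in", "cdn.example.gov.in"}
# The only miner named in these articles is CoinHive; extend from your own intel.
MINER_KEYWORDS = ("coinhive",)


class ScriptAuditor(HTMLParser):
    """Collects (kind, detail) findings for every <script> on a page."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []
        self._inline = None  # list of text chunks while inside an inline script

    def _check_keywords(self, text, where):
        lowered = text.lower()
        if any(k in lowered for k in MINER_KEYWORDS):
            self.findings.append(("miner-keyword", where))

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        src = attr.get("src")
        if not src:
            self._inline = []  # inline script: buffer its body until </script>
            return
        # Relative URLs have no hostname and resolve to the page's own host.
        host = (urlparse(src).hostname or self.page_host).lower()
        if host not in ALLOWED_SCRIPT_HOSTS:
            self.findings.append(("unexpected-host", src))
        # Cross-origin scripts should be pinned with Subresource Integrity.
        if host != self.page_host and not attr.get("integrity"):
            self.findings.append(("no-sri", src))
        self._check_keywords(src, src)

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            self._check_keywords("".join(self._inline), "inline script")
            self._inline = None


def audit_html(html, page_host):
    """Return the list of findings for one HTML document."""
    auditor = ScriptAuditor(page_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page: two expected scripts, one injected loader, one inline stub.
SAMPLE_PAGE = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.gov.in/lib.js" integrity="sha384-CONSTRUCTED"></script>
<script src="https://static.miner-cdn.example/lib/coinhive.min.js"></script>
<script>/* constructed stub */ startMiner("coinhive-placeholder");</script>
</head><body>Notice board</body></html>"""

if __name__ == "__main__":
    for kind, detail in audit_html(SAMPLE_PAGE, "www.example.gov.in"):
        print(f"{kind:16} {detail}")
```

The allowlist check is the durable control here, since it flags any script host the owner did not approve; the keyword match only catches loaders that keep a recognisable name.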
The post Hackers Find Goldmine by Cryptojacking Indian Government Websites appeared first on NewsBTC.