Threat Alert: New Trojans Targeting Major Crypto Exchange Apps Discovered

Published at: Feb. 29, 2020

ThreatFabric, an Amsterdam-based cybersecurity firm specializing in threats to the financial industry, has identified the "Cerberus" Trojan that steals 2-Factor Authentication (2FA) codes generated by the Google Authenticator app for internet banking, email accounts, and cryptocurrency exchanges.

US-based cryptocurrency exchange Coinbase is one of the crypto platforms listed in Cerberus’ exhaustive list of targets — which also includes major financial institutions around the world and social media apps. 

The cybersecurity firm notes that it has not identified any advertisement on the dark web for Cerberus’ updated features, leading it to believe that the updated version is “still in the test phase but might be released soon.”

Cerberus updated during early 2020

ThreatFabric’s report states that the Remote Access Trojan (RAT) “Cerberus” was first identified at the end of June, superseding the Anubis Trojan and emerging as a major Malware-as-a-Service product.

The report states that Cerberus was updated in mid-January 2020, with the new version introducing the capability to steal 2FA tokens from Google Authenticator, as well as device screen-lock PIN codes and swipe patterns.

Once installed, Cerberus is able to download a device’s contents and establish connections that give the malicious actor full remote access to the device. The RAT can then be used to operate any app on the device, including bank and cryptocurrency exchange apps.

“The feature enabling theft of device’s screen lock credentials (PIN and lock pattern) is powered by a simple overlay that will require the victim to unlock the device. From the implementation of the RAT we can conclude that this screen-lock credential theft was built in order for the actors to be able to remotely unlock the device in order to perform fraud when the victim is not using the device. This once more shows the creativity of criminals to build the right tools to be successful.”

Banking Trojans increasingly target crypto wallet apps

The report also examines two other RATs that rose to prominence after Anubis — “Hydra” and “Gustaff.”

Gustaff targets Australian and Canadian banks, cryptocurrency wallets, and government websites, while Hydra has recently expanded in scope after mostly targeting Turkish banks and blockchain wallets.

Including Cerberus, the three Trojans target at least 26 cryptocurrency exchanges and custody providers. Among the targets are several leaders in the crypto sector, including Coinbase, Binance, Xapo, Wirex, and Bitpay.

More than 20 of the targets are wallet providers offering support for leading cryptocurrencies including Bitcoin (BTC), Ethereum (ETH), and Bitcoin Cash (BCH).

A potential defense against Cerberus is to use a physical authentication key to prevent remote attacks. These keys require a hacker to have the actual device in their presence, which helps minimize the risk of a successful attack.
