Researchers Discover New Cryptocurrency-Focused Trojan

Published at: Aug. 9, 2019

Computer analysts at cybersecurity firm Zscaler ThreatLabZ have found a new type of trojan that targets cryptocurrency users.

In a blog post published on Aug. 8, the company reveals that it has identified a new remote-access trojan (RAT) that is able to take administrative control of the targeted computer, retrieve its browser history and look for activity involving cryptocurrency, credit cards, business, social media and other categories.

The malware is called Saefko and is written in .NET, a software framework developed by Microsoft and used to develop a wide range of applications. The post further explains:

“RATs are usually downloaded as a result of a user opening an email attachment or downloading an application or a game that has been infected. Because a RAT enables administrative control, the intruder can do just about anything on the targeted computer, such as monitoring user behavior by logging keystrokes, accessing confidential information, activating the system's webcam, taking screenshots, formatting drives, and more.”

Zscaler recommends that individuals do not download or open files from untrusted sources and states that network administrators should block unused ports, turn off unused services and monitor outgoing traffic.

Crypto malware walks the earth

Earlier this week, news broke that Chinese state espionage cyber unit APT41 is targeting cryptocurrency- and video game-related businesses. Researchers from cybersecurity company FireEye claim that “the group is also deployed to gather intelligence ahead of imminent events, such as mergers and acquisitions and political events.”

In June, cybersecurity firm ESET detected what it describes as an unusual and persistent cryptocurrency miner distributed for macOS and Windows since August 2018. The malware, dubbed “LoudMiner,” uses virtualization software — VirtualBox on Windows and QEMU on macOS — to mine crypto on a Tiny Core Linux virtual machine, thus having the potential to infect computers across multiple operating systems.

A report by cryptocurrency intelligence firm CipherTrace published in April estimated losses from digital currency theft and scams in the first quarter of 2019 at $356 million, with additional fraud or misappropriated fund losses amounting to $851 million in the same period. Alarmingly, this Q1 total of $1.2 billion constituted 70% of the total losses to crypto crime in all of 2018, indicating intensified hacking activity in the first months of 2019.
