The upgraded version of the widespread Bitcoin ransomware Cerber, in addition to its "main activity", can now steal browser passwords and the data used to log in to cryptocurrency wallets. Thus, the program's functionality now goes far beyond encrypting user files.
Cerber still arrives via emails with an attached file.
However, the new Cerber targets Bitcoin wallets for theft as well. It targets the wallet files of three Bitcoin wallet applications (the first-party Bitcoin Core wallet, and the third-party wallets Electrum and Multibit). It does this by stealing the following files, which are associated with their respective applications:
- wallet.dat (Bitcoin)
- *.wallet (Multibit)
- electrum.dat (Electrum)
Cerber also tries to steal the saved passwords from Internet Explorer, Google Chrome, and Mozilla Firefox. Note that this information theft takes place before any encryption is carried out. Saved passwords and any Bitcoin wallet information found are sent to the attackers via the command-and-control servers. It also deletes the wallet files once they have been sent to the servers, adding to the injury of the victims, as trendmicro.com reports.
This new feature shows that attackers are trying out new ways to monetize ransomware. Stealing the Bitcoins of targeted users represents a valuable source of potential income.
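The read-then-delete behaviour described above can be watched for in file-access telemetry. The following is an added example, not code from the article or from Trend Micro: it flags any process outside an allowlist that reads a file matching the three wallet names listed above, and escalates when the same process later deletes that file. The event schema, the allowlisted image names, and the sample paths are assumptions constructed for illustration.

```python
import fnmatch
import ntpath
from collections import defaultdict

# Wallet file names the article lists as Cerber's targets.
WALLET_PATTERNS = ("wallet.dat", "*.wallet", "electrum.dat")
# Assumption: image names allowed to touch wallet files on this host.
ALLOWED_IMAGES = {"bitcoin-qt.exe", "electrum.exe", "multibit.exe"}

def is_wallet_file(path):
    """True if the file name matches one of the targeted patterns."""
    name = ntpath.basename(path).lower()
    return any(fnmatch.fnmatchcase(name, p) for p in WALLET_PATTERNS)

def detect_wallet_theft(events):
    """Flag unexpected processes that read wallet files; escalate when the
    same process later deletes a file it read (the read-then-delete order
    the article describes). Events must be in time order."""
    seen = defaultdict(set)  # pid -> wallet paths that pid has read
    alerts = []
    for ev in events:
        image = ntpath.basename(ev["image"]).lower()
        if not is_wallet_file(ev["path"]) or image in ALLOWED_IMAGES:
            continue
        path = ev["path"].lower()
        if ev["op"] == "read":
            seen[ev["pid"]].add(path)
            severity = "medium"
        elif ev["op"] == "delete":
            severity = "high" if path in seen[ev["pid"]] else "medium"
        else:
            continue
        alerts.append({"pid": ev["pid"], "image": image, "op": ev["op"],
                       "path": ev["path"], "severity": severity})
    return alerts

# Constructed sample events (hypothetical schema: pid, image, op, path).
APPDATA = r"C:\Users\alice\AppData\Roaming"
_ROWS = [
    (100, r"C:\Program Files\Bitcoin\bitcoin-qt.exe", "read", APPDATA + r"\Bitcoin\wallet.dat"),
    (200, APPDATA + r"\Temp\doc.exe", "read", APPDATA + r"\Bitcoin\wallet.dat"),
    (200, APPDATA + r"\Temp\doc.exe", "read", r"C:\Users\alice\Documents\report.docx"),
    (200, APPDATA + r"\Temp\doc.exe", "read", APPDATA + r"\MultiBit\savings.wallet"),
    (200, APPDATA + r"\Temp\doc.exe", "delete", APPDATA + r"\Bitcoin\wallet.dat"),
    (200, APPDATA + r"\Temp\doc.exe", "delete", APPDATA + r"\MultiBit\savings.wallet"),
]
SAMPLE_EVENTS = [dict(zip(("pid", "image", "op", "path"), r)) for r in _ROWS]

if __name__ == "__main__":
    for alert in detect_wallet_theft(SAMPLE_EVENTS):
        print(alert)
```

Map the `pid`, `image`, `op` and `path` fields onto whatever your EDR or file-audit source actually emits, and adjust the allowlist to the wallet software installed on the host.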