Cerber ransomware now steals from Bitcoin wallets

Cerber ransomware evolves and is now capable of stealing from Bitcoin wallets
07 August 2017

The upgraded version of the widespread Bitcoin extortion malware Cerber, in addition to its "main activity", is now able to steal passwords saved in browsers and the data used to log into cryptocurrency wallets. Thus, the functionality of the program now goes far beyond encrypting user files.

Cerber still arrives via emails with an attached file.

According to trendmicro.com, the JavaScript attachment is detected as JS_NEMUCOD.SMGF2B, which leads to the download of the Cerber variant (detected as RANSOM_HPCERBER.SMALY5A).

However, the new Cerber targets Bitcoin wallets for theft as well. It targets the wallet files of three Bitcoin wallet applications (the first-party Bitcoin Core wallet, and the third-party wallets Electrum and Multibit). It does this by stealing the following files, which are associated with their respective applications:

  • wallet.dat (Bitcoin)
  • *.wallet (Multibit)
  • electrum.dat (Electrum)

Cerber also tries to steal the saved passwords from Internet Explorer, Google Chrome, and Mozilla Firefox. Note that this information theft takes place before any encryption is carried out. Saved passwords and any Bitcoin wallet information found are sent to the attackers via the command-and-control servers. It also deletes the wallet files once they have been sent to the servers, adding to the injury of the victims, as trendmicro.com reports.
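The read-then-delete pattern described above can be watched for in file-activity telemetry. The following is an added example, not code from the article or from Trend Micro: it flags any process outside an allowlist that reads one of the three wallet file types and raises the severity if that process then deletes a wallet file it read. The log format, the allowlisted process names and the process names in the sample log are assumptions made for illustration.

```python
import fnmatch
import ntpath
from collections import defaultdict

# Wallet file names listed in the article (Bitcoin Core, Multibit, Electrum).
WALLET_PATTERNS = ["wallet.dat", "*.wallet", "electrum.dat"]
# Assumption: process names of the legitimate wallet applications on this host.
# Names are spoofable; a production rule should also check image path/signature.
EXPECTED_READERS = {"bitcoin-qt.exe", "multibit.exe", "electrum.exe"}

# Constructed sample file-activity log, format: time|process|action|path
SAMPLE_LOG = r"""
10:00:01|bitcoin-qt.exe|read|C:\Users\a\AppData\Roaming\Bitcoin\wallet.dat
10:02:10|wscript.exe|read|C:\Users\a\Downloads\invoice.js
10:02:15|sample.exe|read|C:\Users\a\AppData\Roaming\Bitcoin\wallet.dat
10:02:16|sample.exe|read|C:\Users\a\AppData\Roaming\MultiBit\main.wallet
10:02:20|sample.exe|delete|C:\Users\a\AppData\Roaming\Bitcoin\wallet.dat
10:02:25|sample.exe|write|C:\Users\a\Documents\report.docx
10:03:00|backup.exe|read|C:\Users\a\AppData\Roaming\Electrum\electrum.dat
"""

def is_wallet_file(path):
    """True if the file name matches one of the wallet patterns (case-insensitive)."""
    name = ntpath.basename(path).lower()
    return any(fnmatch.fnmatchcase(name, p) for p in WALLET_PATTERNS)

def detect(log_text):
    """Return {process: severity} for unexpected access to wallet files."""
    read_by = defaultdict(set)  # process -> wallet paths it has read so far
    alerts = {}
    for line in log_text.strip().splitlines():
        _time, proc, action, path = line.split("|", 3)
        proc = proc.lower()
        if proc in EXPECTED_READERS or not is_wallet_file(path):
            continue
        key = path.lower()
        if action == "read":
            read_by[proc].add(key)
            alerts.setdefault(proc, "medium")  # unexpected reader of a wallet file
        elif action == "delete" and key in read_by[proc]:
            alerts[proc] = "high"  # read followed by delete of the same wallet
    return alerts

if __name__ == "__main__":
    for process, severity in detect(SAMPLE_LOG).items():
        print(f"{severity.upper()}: {process} accessed wallet files unexpectedly")
```

Because the theft happens before any encryption starts, an alert of this kind fires earlier than detections keyed on mass file modification.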

This new feature shows that attackers are trying out new ways to monetize ransomware. Stealing the Bitcoins of targeted users represents a valuable source of potential income.

Crypto Investor to File Lawsuit Against AT&T

Michael Terpin believes that AT&T helped scammers to steal his $24M worth of crypto
16 August 2018

In the Los Angeles District Court, a 69-page lawsuit was filed by BitAngels founder Michael Terpin against the American telecom giant AT&T. Terpin claims that the operator assisted fraudsters in "stealing digital personal data" from the account on his smartphone, which is why he lost $24 million in cryptocurrency, according to an official release.

According to Terpin, there were two hacks over seven months. Initially, an attacker got access to his phone number without providing a password or correct identification data. Later, the phone number was used to steal crypto.

AT&T’s studied indifference to protecting its customers’ privacy and financial assets is a metastasizing cancer, threatening hundreds of millions of unsuspecting AT&T’s customers. Our client had no idea when he initially signed up, nor when later he was promised the highest level of security for his account, that low-level retail employees with access to AT&T records, or people posing as them, can be bribed by criminals to override every system that AT&T advertises as unassailable.
 

Pierce O’Donnell
Lead counsel for Terpin in this complaint

Michael Terpin is demanding that AT&T pay him $224 million: $200 million for moral damages and $24 million for the actual theft.