A mining trojan hacks PCs

Windows can be infected, but there is a way to protect it
22 June 2017

A new Trojan uses an NSA hacking tool to infect computers running Windows. The virus uses the available resources of a PC to mine XMR (Monero).

The Russian antivirus Dr.Web spotted this virus first. The trojan was discovered under the generic name Trojan.BtcMine.1259. The malware uses an NSA hacking tool named Doublepulsar to infect computers running non-secure Server Message Block (SMB) services. SMB is a network protocol used for sharing files, printers, and serial ports.

Once a machine is infected, the virus creates a "backdoor" that allows the hackers to execute code on it. The NSA's Doublepulsar exploit is then used to download an original malware loader onto the infected PC. The computer is then scanned to determine whether enough resources are available to execute the payload. If they are, the generic malware loader downloads a cryptocurrency miner program and begins to mine XMR for the hacker's wallet. Experts also note an interesting "feature": the virus is able to shut itself down when Task Manager is launched, allowing the malware to remain unspotted.
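The shut-down-on-Task-Manager behaviour described above is itself a detection signal: a process that repeatedly exits within seconds of Task Manager starting stands out from normal software. The following Python sketch is an added example, not code from Dr.Web or from the article. The event tuples, the file paths, the 3-second window and the two-hit threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, not real telemetry: (timestamp, kind, image path).
# "start" and "exit" stand for process-creation and process-termination events.
SAMPLE_EVENTS = [
    ("2017-06-22T10:00:05", "start", r"C:\Windows\System32\Taskmgr.exe"),
    ("2017-06-22T10:00:06", "exit", r"C:\ProgramData\svc\helper.exe"),  # hypothetical path
    ("2017-06-22T10:00:07", "exit", r"C:\Windows\System32\notepad.exe"),  # one-off coincidence
    ("2017-06-22T10:05:00", "start", r"C:\ProgramData\svc\helper.exe"),
    ("2017-06-22T11:30:10", "start", r"C:\Windows\System32\Taskmgr.exe"),
    ("2017-06-22T11:30:11", "exit", r"C:\ProgramData\svc\helper.exe"),
    ("2017-06-22T11:30:50", "exit", r"C:\Program Files\App\app.exe"),  # outside the window
    ("2017-06-22T14:02:00", "start", r"C:\Windows\System32\Taskmgr.exe"),
    ("2017-06-22T14:02:02", "exit", r"C:\ProgramData\svc\helper.exe"),
]


def exits_after_taskmgr(events, window_s=3, min_hits=2):
    """Return {image: hits} for images that exited within window_s seconds
    of at least min_hits separate Task Manager launches."""
    parsed = sorted(
        (datetime.fromisoformat(ts), kind, image.lower()) for ts, kind, image in events
    )
    launches = [
        t for t, kind, image in parsed
        if kind == "start" and image.endswith("\\taskmgr.exe")
    ]
    window = timedelta(seconds=window_s)
    hits = defaultdict(set)  # image -> set of launches it exited right after
    for t, kind, image in parsed:
        if kind != "exit" or image.endswith("\\taskmgr.exe"):
            continue
        for launch in launches:
            if timedelta(0) <= t - launch <= window:
                hits[image].add(launch)
    # A single exit near a launch can be coincidence; repetition is the signal.
    return {image: len(seen) for image, seen in hits.items() if len(seen) >= min_hits}


if __name__ == "__main__":
    for image, count in exits_after_taskmgr(SAMPLE_EVENTS).items():
        print(f"{image}: exited after {count} Task Manager launches")
```

In practice the events would come from process-creation and process-termination logging on the endpoint, and the threshold would be tuned against the baseline of the fleet.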

Trojan.BtcMine.1259 is not the first "mining" virus that uses the Doublepulsar exploit. A similar virus, Eternalminer, was detected last week. It targets Linux for XMR mining. Wannacry also incorporated Doublepulsar into its protocol, using the exploit as the basis for the SMB worm.

The Doublepulsar exploit was spotted in April 2017 by Shadow Brokers, with reports that over 36,000 computers had been infected by various viruses utilizing the exploit on April 21st. In April, experts suggested that the real number of infected machines was over 100,000. The number of infected computers is now estimated at around 16,000, due to Windows system update MS17-010.

Potential Vulnerabilities Found in ETH 2.0

Least Authority has found potential security issues in the network P2P interaction and block proposal system
26 March 2020

Technology security firm Least Authority, at the request of the Ethereum Foundation, conducted an audit of the Ethereum 2.0 specifications and identified several potential vulnerabilities.

Least Authority said that developers need to solve problems with vulnerabilities in the network layer of peer-to-peer (P2P) interaction, as well as in the block proposal system. At the same time, the auditor noted that the specifications are "very well thought out and competent."

However, at the moment there is no large ecosystem in the world that is based on PoS and uses sharding, so it is impossible to accurately assess the prospects for system stability.
Also, information security experts emphasized that the specifications did not pay enough attention to the description of the P2P network level and the system of records about Ethereum nodes. Vulnerability risks are also observed in the block proposal system and the messaging system between nodes.

Experts said that in the blockchains running on PoS, the choice of a new block is simple and no one can predict who will get the new block. In PoS systems, it is the block proposal system that decides whose block will fall into the blockchain, and this leads to the risk of data leakage. To solve the problem, auditors suggested using the mechanism of "Single Secret Leader Election" (SSLE).

As for the peer-to-peer exchange system, there is a danger of spam. There is no centralized node in the system that would evaluate the actions of other nodes, so a "malicious" node can spam the entire network with various messages without any special punishment. The solution to this problem may be to use special protocols for exchanging messages between nodes.