Trickbot malware attacks cryptocurrencies

Trickbot Trojan malware now attacks not only traditional financial sectors, but also cryptocurrencies
04 September 2017

It has recently been reported that the Trickbot Trojan penetrates banking systems by means of a malvertising campaign. The spam campaign is believed to have been active for a few months. The malware aims to steal login details, personal information and authentication codes.

Now, however, its attention has turned to blockchain platforms, which are closely related to financial institutions.

Forcepoint reports that a Trickbot campaign now targets cryptocurrencies and is reported to have targeted PayPal.

It is significant that the malware also targets Coinbase, a cryptocurrency exchange that deals solely in cryptocurrencies such as Bitcoin, Ethereum, Litecoin and other digital assets, which are now under threat of being stolen.

The Trojan's configuration was found to contain functionality that displays a fake login form in the browser when the victim visits Coinbase.com. With the help of Trickbot, scammers can steal money from the compromised accounts. According to the reports, this version of Trickbot was discovered last week in a small spam campaign. The Trojan was disguised as documents from the Canadian Imperial Bank of Commerce (CIBC) and was supposedly focused primarily on Canadian users.

Trickbot is a new piece of malware that appeared in the fall of 2016. Some experts speculate that Trickbot and the banking Trojan Dyre have the same developer.

Tesla's cloud account hacked to mine cryptocurrency

An independent security group discovered that Tesla's cloud account had been hacked and infected with a miner virus
21 February 2018

Cryptocurrencies are on the rise, and all sorts of shady characters are trying to get in by dubious methods. The recent string of hacking attacks is a perfect example. Now not only exchanges and users with their hard-earned coins are in danger; companies with large cloud infrastructure face the same threat.

RedLock, a security research firm, reports that the cloud account information of electric car manufacturer Tesla was leaked to the internet, which allowed hackers to access the company's cloud. The cloud was hacked and its hardware infected with a miner virus called Stratum. The mining protocol masks itself by keeping CPU usage low and obscuring the IP of the mining server.

Of course, RedLock immediately contacted Tesla with this information, and the company quickly set about fixing the breach. Tesla's spokesperson assured us that customers' personal information has not been compromised and that the vulnerability was patched in a matter of hours. Only a small test fleet of internally used engineering sample cars was impacted, and no indication whatsoever was found that actual customer cars have been compromised in any way.

It certainly looks possible, because according to the same RedLock Cloud Security Intelligence group, the mining profitability of Tesla's cloud is worth a lot more than all the available customer data could be sold for on the black market. This also isn't the first instance of such a hack with no data being stolen. In fact, hacks intended to hijack mining capacity have already targeted Gemalto, the world's largest SIM-card manufacturer, and Aviva, a British insurance company, just to name a few.