Blockchain News Feed

All the latest news on Blockchain & Cryptocurrencies

Menu
  • Home
  • News
  • Exchanges
  • Market Analysis
  • YouTube
  • Brave Browser
Menu

Cryptocurrency Desktop Client Victim of Trojan Attack

Posted on juni 21, 2018 by Blockchain News

Syscoin announced on official Github page the project’s official client had faced a malicious trojan attack. The post urged users who downloaded the software via GitHub between June 09, 2018 10:14 PM UTC & June 13, 2018 10:23 PM UTC to take immediate action.

GitHub Compromised

The initial attack vector of the malicious software was a compromised GitHub account belonging to one of the team members, which allowed the perpetrators to gain admin level access and replace the official Windows client with a spiked version.

The altered client introduced by the hacker contained a relatively well-known piece of malicious software called Arkei Stealer, which targets users password and private keys of wallets stored on the local device. Fortunately, a scan from VirusTotal, an automatic virus database and aggregate cataloging service, shows that 44/67 of the major antivirus software vendors have already blacklisted the offending software, severely limiting its ability to spread any further.

Syscoin recommends that all windows users identify the installation date of their desktop cryptocurrency client and ensure that it does not fall between June 9 and June 13, 2018. Affected users are advised to backup their data to a clean storage medium, scan their system with an antivirus, change all passwords related to that machine using an uninfected device and migrate their funds to a newly generated encrypted wallet on a clean machine.

Syscoin Tightens Up Security in Response

The Syscoin team has taken steps to ensure that this kind of attack does not happen again by requiring all Block Foundry Staff and Syscoin Developers to enable two-factor authentication for accessing accounts, perform routine verification of signature hashing and work with Github to ensure users will be able to detect altered binaries.

While many people may be familiar with 2FA from their experience logging in with major cryptocurrency exchanges. Syscoins implementation of signature hashes, through the use of the open source tool Gitian, requires some exploration.

Multifactor Checksum Validation

When developers publish software, they often accompany their release with a checksum — using MD5 or SHA using a hashing algorithm — creating a unique string that acts a signature for that version of the program. This allows users to download the ‘published’ software, run the same hashing algorithm and cross-reference their results with developers while ensuring the data they downloaded is identical to the software publisher.

Gitian, developed by the pseudonymous Dev Random alongside other members of the Bitcoin core community, takes this concept of verifiably secure and trusted code to a new level.

Due to the complexities of compiling human-readable code into binary, it is often the case that two developers compiling identical code will create slightly different binary, resulting in dramatically different checksums.

Gitian creates a replicable working environment across multiple machines by running a Virtual Machine inside of another Virtual Machine, allowing multiple developers to cross-reference each others code and compile binary with the relative certainty that it will be identical across all devices. In the circumstance someone introduces malicious code — intentionally or otherwise — another team member will be able to identify who created it and diagnose the issue quickly.

The scale of those affected by the Syscoin hack has yet to be determined, however, the team’s rapid reaction in notifying the broader security community and their steps taking in locking down the project’s production pipeline are hopeful signs of an impenetrable future to come.

The post Cryptocurrency Desktop Client Victim of Trojan Attack appeared first on BTCMANAGER.


Source: BTCManager.com
Original Post: Cryptocurrency Desktop Client Victim of Trojan Attack

Ledger Nano X - The secure hardware wallet

Recente berichten

  • HAPPENING NOW!! Crucial Moment | Solana Price Prediction
  • XRP price rally stalls near key level that last time triggered a 65% crash
  • The Future Is Apparently NOW + HUGE VeChain News & Could This ACTUALLY Work?
  • Bill Imposing Fines for Illegal Issuance and Exchange of Digital Assets Proposed in Russia
  • Solana smartphone Saga triggers mixed reactions from crypto community

Categorieën

  • Altcoin Buzz
  • Altcoin Buzz News
  • AMBcrypto
  • Bitcoin.com
  • Bitcoinist
  • BTC Manager
  • CCN
  • Coin Mastery
  • Coindesk
  • Coinpower News
  • Cointelegraph
  • CryproSlate
  • Crypto Daily
  • Crypto News (.net)
  • Cryptocoin News
  • Cryptocurrency News
  • CryptoDaily.co.uk
  • CryptoPotato
  • CryptosRUs
  • Daily HODL
  • DataDash
  • Ethereum Worldnews
  • Exchanges
  • ICO's
  • Invest in Blockchain
  • Market Analysis
  • News
  • News BTC
  • Newsbit
  • Portfolio
  • Pricecheck
  • Ready Set Crypto
  • The Modern Investor
  • ToshiTimes
  • Use The Bitcoin

Archieven

  • juni 2022
  • mei 2022
  • april 2022
  • maart 2022
  • februari 2022
  • januari 2022
  • december 2021
  • november 2021
  • oktober 2021
  • september 2021
  • augustus 2021
  • juli 2021
  • juni 2021
  • mei 2021
  • april 2021
  • maart 2021
  • februari 2021
  • januari 2021
  • december 2020
  • november 2020
  • oktober 2020
  • september 2020
  • augustus 2020
  • juli 2020
  • juni 2020
  • mei 2020
  • april 2020
  • maart 2020
  • februari 2020
  • januari 2020
  • december 2019
  • november 2019
  • oktober 2019
  • september 2019
  • augustus 2019
  • juli 2019
  • juni 2019
  • mei 2019
  • april 2019
  • maart 2019
  • februari 2019
  • januari 2019
  • december 2018
  • november 2018
  • oktober 2018
  • september 2018
  • augustus 2018
  • juli 2018
  • juni 2018
  • mei 2018
  • april 2018
  • maart 2018
  • februari 2018
  • januari 2018
  • december 2017
  • november 2017
  • oktober 2017
  • september 2017
  • maart 2017
  • juni 2016
  • juli 2014
  • september 2013
  • augustus 2013
©2022 Blockchain News Feed | Design: Newspaperly WordPress Theme