Tag Archive for: currencies

Panda Stealer malware targets digital currencies via Discord links, spam emails
There’s a new malware that’s targeting digital currency wallets, spreading through spam emails and Discord channels. The malware, dubbed Panda Stealer, has mostly targeted victims in the U.S., Germany, Japan and Australia.

Security company Trend Micro was the first to detect the malware. In a recent blog post, the Tokyo-based firm revealed that Panda Stealer is delivered through spam emails posing as business quotes to lure unsuspecting victims into opening malicious Excel files.

The malware has two infection chains, the security company revealed. In the first, the criminals attach a .XLSM document that contains malicious macros. Once the victim enables the macros, the malware downloads and executes the main stealer.

In the second infection chain, the spam emails come with a .XLS attachment containing an Excel formula that hides a PowerShell command. This command attempts to reach paste.ee, a Pastebin alternative, which in turn serves a second, encrypted PowerShell command. According to Trend Micro, this second command is used to fetch URLs from paste.ee so that fileless payloads can be deployed easily.

“Once installed, Panda Stealer can collect details like private keys and records of past transactions from its victim’s various digital currency wallets, including Dash, Bytecoin, Litecoin, and Ethereum,” the company noted.

The malware doesn’t limit itself to digital currency wallets, however. It also steals credentials for other applications such as Telegram, NordVPN, Discord and Steam. It is capable of taking screenshots of the infected computer as well as capturing and transmitting browser data such as cookies and passwords.

Trend Micro found another 264 files similar to Panda Stealer on VirusTotal. These samples used more than 140 command and control (C&C) servers and more than 10 download sites.

It concluded, “Some of the download sites were from Discord, containing files with names such as ‘build.exe,’ which indicates that threat actors may be using Discord to share the Panda Stealer build.”

Security researchers have linked the Panda Stealer malware campaign to an IP address assigned to virtual private servers rented from Shock Hosting. However, the hosting…


Website for storing digital currencies hosted code with a sneaky backdoor

(credit: NoHoDamon / Flickr)

A website that bills itself as providing a safer way to store Bitcoin and other digital currencies has been using a coding sleight of hand to generate private keys that are suspiciously trivial for the operators to guess, leaving all funds stored in the wallets open to theft, researchers with a different service said on Friday.

WalletGenerator.net provides code for creating what are known as paper wallets for 197 different cryptocurrencies. Paper wallets were once billed as a secure way to store digital coins because, in theory at least, the private keys that unlock the wallets are stored on paper rather than on an Internet-connected device that can be hacked. (In reality, paper wallets are open to attack for a variety of reasons.) While the site advises people to download the code from this Github page and run it while the computer is disconnected from the Internet, it also hosted a simpler, stand-alone generator above the instructions that produced the same wallets.

Researchers from MyCrypto, which provides an open-source tool for cryptocurrency and blockchain users, compared the code hosted on Github and WalletGenerator.net and found some striking differences. Sometime between August 17 and August 25 of last year, the WalletGenerator.net code was changed to alter the way it produced the random numbers that are crucial for private keys to be secure.


Biz & IT – Ars Technica