Backdoored cryptocurrency software found serving AZORult malware
Quote: EXCLUSIVE -- Hackers have compromised the GitHub account of the Denarius cryptocurrency project lead and have backdoored the Windows client with the AZORult infostealer malware.

The compromised Denarius cryptocurrency client -- which node operators run on their servers to support the Denarius blockchain -- was spotted earlier today by a security researcher named Misterch0c, who alerted ZDNet.
ZDNet independently confirmed the researcher's findings with the help of RiskIQ threat researcher Yonathan Klijnsma.

Carsen Klock, the top dev behind the Denarius cryptocurrency, said the incident occurred because he reused an older password to secure his GitHub account.
This allowed a hacker to silently access his GitHub account and upload a backdoored version of the Denarius Windows client -- version 3.3.6, released on January 22.

According to Misterch0c and Klijnsma, this file (VirusTotal link) was a modified Denarius client installer that installed a version of the AZORult malware.
"The .bat file is started, which it will start the other bins in sequence, with smaller one being AZORult," Klijnsma said after analyzing the backdoored Denarius installer.

Once installed on a user's computer, AZORult can steal a vast array of user data, such as browser passwords, browser cookies, passwords for FTP clients, chat histories, and most importantly, wallet database files from popular cryptocurrency clients.


Read More & SOURCE... https://www.zdnet.com/article/backdoored...t-malware/