New Trojan targets cryptocurrency exchanges and user wallets, and can even steal Google Authenticator codes


Recent security research indicates that a new version of the Android banking Trojan known as Cerberus is on its way. It targets financial applications, including online banking, email, cryptocurrency exchanges and wallets, and can even remotely steal one-time passwords from Google Authenticator.

Table of Contents

  • Trojan Malware Targeting Exchanges and Cryptocurrency Wallets
  • Mainstream Exchanges Under DDoS Attacks

ThreatFabric, an Amsterdam-based cybersecurity company that researches threats to the financial sector, recently published a study describing several malware families with remote-access capabilities, including Cerberus, Gustuff, Hydra, Anubis, and Ginp.

Trojan Malware Targeting Exchanges and Cryptocurrency Wallets

The study points out that the Cerberus Trojan can steal the phone's screen-lock PIN and harvest Google Authenticator (2FA) one-time codes from the device. Its newest version also adds remote-access (RAT) functionality built on TeamViewer, which gives the attacker full control of the phone, including the ability to remove or install arbitrary applications. Note that a stolen 2FA code is only useful for the short window in which it is valid, so the theft has to be exploited in near real time; it does not break the authenticator itself.

Cerberus was first discovered at the end of June last year and has since taken over from the Anubis Trojan as one of the most widely used families. The study also lists a range of potential Cerberus targets, including Coinbase, Binance, Xapo, Wirex, and Bitpay, and notes that the latest version is still in testing but may be released soon.

Mainstream Exchanges Under DDoS Attacks

In addition to the Trojan threat, mainstream exchanges were hit by large-scale DDoS attacks over the weekend; Bitfinex and OKEx, among others, went down and their websites became unavailable. OKEx's scheduled launch of quarterly futures and options trading on the 28th had to be paused and was followed by a system upgrade the same day, after which operations returned to normal.

On the same day, Bitfinex stated on Twitter that it had been hit by a highly sophisticated DDoS attack but had quickly restored its trading systems, stressing that all user funds were safe.

Note: A denial-of-service (DoS) attack floods a target with more requests than it can handle, so the system (website or application) degrades or goes offline. In a distributed denial-of-service (DDoS) attack the traffic comes from many hijacked or attacker-controlled machines at once, which makes it far harder to filter by source than a flood from a single host.
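To make the distinction between a single-source flood and a distributed one concrete, the following is an added example (not code from the article, ThreatFabric, or any exchange): a minimal rate-based detector that buckets access-log lines into one-second windows and classifies each window as normal, single-source DoS, or DDoS. The log format, the thresholds (200 requests per second, 50% share for one source), and the sample traffic are all constructed assumptions for illustration.

```python
"""Classify request bursts in an access log as normal, DoS, or DDoS.

Added example, not from the article. Log lines are assumed to look like
"<epoch_seconds> <client_ip> <request_path>"; thresholds are illustrative.
"""
import re
from collections import Counter, defaultdict

LOG_RE = re.compile(r"^(?P<ts>\d+) (?P<ip>[\d.]+) (?P<path>\S+)$")

# Illustrative thresholds (assumptions; tune against real baseline traffic).
FLOOD_RPS = 200            # requests in one 1-second window that count as a flood
SINGLE_SOURCE_SHARE = 0.5  # one IP carrying >= 50% of a flood => plain DoS


def parse(lines):
    """Yield (timestamp, ip, path) for well-formed lines; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield int(m["ts"]), m["ip"], m["path"]


def classify_windows(lines):
    """Return {window_ts: (verdict, total_requests, top_ip, top_ip_share)}."""
    per_window = defaultdict(Counter)
    for ts, ip, _path in parse(lines):
        per_window[ts][ip] += 1

    result = {}
    for ts, counter in sorted(per_window.items()):
        total = sum(counter.values())
        top_ip, top_n = counter.most_common(1)[0]
        share = top_n / total
        if total < FLOOD_RPS:
            verdict = "normal"
        elif share >= SINGLE_SOURCE_SHARE:
            verdict = "dos"    # one host carries the flood: blocking that IP helps
        else:
            verdict = "ddos"   # load is spread across many hosts: per-IP blocking will not
        result[ts] = (verdict, total, top_ip, round(share, 2))
    return result


def constructed_log():
    """Build a synthetic log (constructed data): normal second, single-source flood,
    then a distributed flood. Addresses are from the documentation ranges."""
    lines = []
    for ts in (1000, 1001, 1002):
        # Baseline: 20 legitimate clients, 3 requests each (60 rps).
        for i in range(20):
            lines += [f"{ts} 203.0.113.{i + 1} /api/v1/ticker"] * 3
    # t=1001: one host adds 400 requests on top of the baseline.
    lines += ["1001 198.51.100.7 /api/v1/orders"] * 400
    # t=1002: 150 distinct hosts add 4 requests each (600 rps) on top of the baseline.
    for i in range(150):
        lines += [f"1002 192.0.2.{i + 1} /api/v1/orders"] * 4
    return lines


if __name__ == "__main__":
    for ts, (verdict, total, top_ip, share) in classify_windows(constructed_log()).items():
        print(f"t={ts}: {verdict:6s} total={total:4d} top={top_ip} share={share}")
```

The point the classification makes is operational: a "dos" window can be handled by dropping the top source, whereas a "ddos" window has no single source worth blocking and needs upstream filtering or capacity instead. A real deployment would replace the fixed thresholds with a learned baseline and look at more than one second of history.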

Aside from suffering a DDoS attack, OKEx was also called out today by cryptocurrency researcher Larry Cermak for plagiarizing Binance Academy's content:

There seems to be an ongoing drama between OKEx and Binance, with the former launching its own version of Binance Academy that is nearly identical, word for word, to Binance's content.

Moreover, OKEx even copied Binance's proprietary asset, the Secure Asset Fund for Users (SAFU), into its content.

Source : @lawmaster

After Larry Cermak made this public on Twitter, OKEx swiftly removed the content from its website, and the articles in question are no longer accessible. Binance has had a similar incident of its own, however: when its JEX futures exchange launched its testnet, parts of its educational material turned out to be identical to BitMEX's. Binance CEO Zhao Changpeng apologized on Twitter and pledged to delete the articles concerned.
