Malware disguised as cheat tools steals crypto from Fortnite players

When the sixth season of popular video game Fortnite dropped, fans rejoiced. And opportunists tried to cash in too—by developing a cryptocurrency- and data-stealing malware posing as game cheat tools.

Malwarebytes Labs discovered the malware in YouTube videos offering “free” season passes and “free” versions of the game, according to lead malware intelligence analyst Christopher Boyd.

In a blog post, Boyd noted, “We sifted through a sizable mish-mash of free season six passes, supposedly ‘free’ Android versions of Fortnite, which were leaked out from under the developer’s noses, the ever-popular blast of ‘free V-Bucks’ used to purchase additional content in the game, and a lot of bogus cheats, wallhacks, and aimbots.”

The discovery process involved going through several steps, including subscribing to a YouTube channel, being redirected to a different site, and then filling out a survey before downloading the malware disguised as a cheat tool.

The videos were titled in an inviting manner. One video was called, “New Season 6 Fortnite Hack Cheat Free Download September 2018 / WH / Aimbot/ Undetectable.” Another one was titled, “Fortnite Hack Free Download,” and yet another was titled “Fortnite Cheat.” One video had 120,892 views before it was removed for breaching YouTube’s spam policy.

Boyd said passing the malware off as a cheat tool is not new—the practice has been seen for decades and is capable of doing significant damage to computer systems.

The initial .exe file runs on the target system then enumerates the details of the infected computer. After this, it sends data via a POST command to a file in Tel Aviv. Boyd noted that a lot of data is vulnerable to theft since the malware examines bitcoin wallets, Steam sessions, cookies, and information tied to browser sessions. The malware includes a readme file that advertises the ability to purchase additional Fortnite scams for ‘$80 Bitcoin’.

However tempting it may be to cheat at Fortnite, Boyd advises users not to download cheats.

“Offering up a malicious file under the pretense of a cheat is as old school as it gets, but that’s never stopped cybercriminals before. In this scenario, would-be cheaters suffer a taste of their own medicine via a daisy chain of clickthroughs and (eventually) some malware as a parting gift,” he wrote. “Winning is great, but it’s absolutely not worth risking a huge slice of personal information to get the job done.”

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post Malware disguised as cheat tools steals crypto from Fortnite players appeared first on Coingeek.


Crypto in Africa: New intercontinental payment methods poised to overtake US dollar

The U.S. dollar is reported to be losing its place as the top intercontinental currency in Africa. This is according to SWIFT, the global provider of financial messaging services. African usage of the U.S. dollar dropped from 50% in 2013 to 45.1% in 2017, and this is attributed to citizens switching more to local currencies and mobile payments (possibly including cryptocurrencies) to handle international transactions. It’s difficult to say how much of such payments were made through cryptocurrencies, but the 6.4% of mobile statistics clearly means they were government-approved currencies without actual intrinsic value.

It has been reported that African countries have been gradually adopting blockchain and crypto technologies over the past few years. GSM Association estimates that Africa will likely have 725 million mobile phone subscribers by 2020, which, in turn, can boost cryptocurrency adoption in the region. SWIFT noted that with mobile money and other digital financial services, people can store money securely, spend it effortlessly, and afford the small fees charged by their providers.

The U.S. dollar has been replaced chiefly by the South African rand and the West African franc as the leading inter-country exchange currency in Africa. The franc commands 7.3% of such payments, up from 4.4% in 2013. The rand has moved up from 6.3% to 7.2% in usage. The British pound has spiraled downwards too, from 6.2% to 4.6% of such transactions.

Africa hit by crypto mining USB malware infections

Kaspersky recently published a Lab Review of USB and removable media threats in 2018 that showed Africa as one of the most affected regions by crypto mining-related USB malware infections.

Crypto mining malware has been harnessed by cyber attackers as an effective and persistent distribution vehicle for spreading malware between unconnected computers. The toll on victims has been on the rise, given that emerging markets—where USB devices are more widely used for business purposes—are the most vulnerable to malicious infection spread by removable media. Such markets are especially prevalent in Africa, Asia and South America.

Isolated hits were also detected in countries in Europe and North America. An example is Radiflow, specializing in SCADA (supervisory control and data acquisition), which saw its servers suffer malware infection.

Although USB devices are less effective at spreading infection than in the past, due to growing awareness of their security weakness and declining use as a business tool, they remain a significant risk that users ought not to underestimate. Attackers continue to find exploits, and some infections go unnoticed for years. USB devices have been around for over two decades and have acquired a reputation of being vulnerable to cybersecurity threats.

According to Kaspersky Security Network (KSN) data, a popular crypto-miner malware detected in drive roots is Trojan.Win32.Miner.ays/Trojan.Win64.Miner.all, known since 2014. The Trojan drops the mining application onto the PC, then installs and silently launches the mining software and downloads the requirements that enable it to send any results to an external server controlled by the attacker.

Infections spread via removable media have reportedly grown unnoticed year after year, with detections of the 64-bit version of the miner growing by around a sixth: increasing by 18.42% between 2016 and 2017, and expected to rise by 16.42% between 2017 and 2018.


The post Crypto in Africa: New intercontinental payment methods poised to overtake US dollar appeared first on Coingeek.


Researchers discover new crypto malware-killing botnet

A new botnet which sets out to specifically kill a type of crypto mining malware has been discovered by security researchers at Qihoo 360Netlab.

Known as Fbot, the botnet appears to be based on derivative software from Mirai, an application generally used in DDoS attacks. However, in this case, the DDoS module has been deactivated, with the botnet instead searching for cryptojacking malware before replacing its code, thereby neutering its bad effects.

In particular, the botnet searches for instances of com.ufo.miner, a variation on the Android-based ADB.Miner for privacy-centric altcoin Monero.

According to the Qihoo team, the botnet distributes itself by searching for open ports, before uninstalling the com.ufo.miner software where present. The botnet effectively installs itself over the malware, destroys its malicious code, and then self-destructs, according to a report published by the researchers.

The botnet is also linked to a domain name which is only accessible through EmerDNS, rather than the standard DNS system. This means it becomes harder to detect, with those scanning only traditional DNS names unable to access its records.

“The choice of Fbot using EmerDNS other than traditional DNS is pretty interesting, it raised the bar for security researcher to find and track the botnet (security systems will fail if they only look for traditional DNS names),” according to the Qihoo 360Netlab blog post.
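The gap the researchers describe can be narrowed by watching resolver logs for lookups in EmerDNS zones. The sketch below is an added example, not code from the article or from Qihoo 360Netlab; it assumes dnsmasq-style query logging, takes the zone list (.coin, .emc, .lib, .bazar) from Emercoin's documentation rather than from this page, and uses constructed placeholder hostnames and addresses.

```python
import re
from collections import defaultdict

# Zones served by EmerDNS per Emercoin's documentation (assumption: not listed in the article).
EMERDNS_TLDS = {"coin", "emc", "lib", "bazar"}

# dnsmasq-style query line: "... query[TYPE] <name> from <client>"
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)

# Constructed sample log lines; every hostname and address is a placeholder.
SAMPLE_LOG = """\
Oct  1 12:00:01 dnsmasq[811]: query[A] www.example.com from 192.0.2.10
Oct  1 12:00:02 dnsmasq[811]: query[A] placeholder-host.lib from 192.0.2.23
Oct  1 12:00:02 dnsmasq[811]: forwarded placeholder-host.lib to 198.51.100.53
Oct  1 12:00:05 dnsmasq[811]: query[AAAA] Shop.Example.BAZAR. from 192.0.2.23
Oct  1 12:00:09 dnsmasq[811]: query[A] lib.example.org from 192.0.2.10
Oct  1 12:00:11 dnsmasq[811]: query[A] wallet.coin from 192.0.2.77
"""


def normalize(name):
    """Lower-case the query name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def emerdns_tld(name):
    """Return the EmerDNS zone if the rightmost label matches one, else None."""
    labels = normalize(name).split(".")
    tld = labels[-1]
    # Only the top-level label counts: lib.example.org is an ordinary name.
    return tld if len(labels) > 1 and tld in EMERDNS_TLDS else None


def find_emerdns_queries(log_text):
    """Map each client address to the EmerDNS-zone names it tried to resolve."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if match and emerdns_tld(match["name"]):
            hits[match["client"]].append(normalize(match["name"]))
    return dict(hits)


if __name__ == "__main__":
    for client, names in sorted(find_emerdns_queries(SAMPLE_LOG).items()):
        print(client, ", ".join(names))
```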

It comes at a time when the numbers of cryptojacking and malware attacks have reached record highs, with the last few months seeing particularly elevated activity around these types of crypto scams.

Cryptojacking malware is now so prevalent that it has been identified across the systems of several large businesses and government agencies, as well as the countless individuals affected worldwide. According to security researchers, incidents of cryptojacking have increased by 956% over the last year.

This has even prompted Firefox to announce their latest browser will automatically detect and block cryptojacking scripts, in a bid to fight against this surge in their use.

At this stage, it remains unclear whether the botnet was created with the intention of cleaning up malware, or whether it has been launched by rival scammers to clear out competing malware.


The post Researchers discover new crypto malware-killing botnet appeared first on Coingeek.


Future Firefox browsers to block cryptojacking malware

Mozilla, the company behind popular web browser Firefox, is gearing up to automatically block malware scripts, including those that “silently mine cryptocurrencies” in future versions of Firefox.

Last week, Mozilla announced that it will soon implement an initiative to “protect users by blocking tracking while also offering a clear set of controls to give our users more choice over what information they share with sites.” The company cited a Ghostery study, which noted that 55.4% of the total time required to load an average website is usually spent loading third-party trackers. For users with slower networks, the loading time is even worse.

“Deceptive practices that invisibly collect identifiable user information or degrade user experience are becoming more common. For example, some trackers fingerprint users — a technique that allows them to invisibly identify users by their device properties, and which users are unable to control,” according to Mozilla. “Other sites have deployed cryptomining scripts that silently mine cryptocurrencies on the user’s device. Practices like these make the web a more hostile place to be. Future versions of Firefox will block these practices by default.”

This is the reason why Mozilla’s future web browsers will be equipped with a new feature—found in Firefox Nightly—which will block trackers that slow down page loads. This feature will be tested using a shield study starting September, and if the approach performs well, Mozilla plans to start blocking slow-loading trackers by default in Firefox 63.

The company has already stripped cookies and blocked storage access from third-party tracking content, a feature that Firefox Nightly users can already test out. If all goes according to plan, Mozilla said it will bring the protective feature to all Firefox 65 users.


The post Future Firefox browsers to block cryptojacking malware appeared first on Coingeek.
