Warning Issued After Malware Is Found To Have Hijacked Bitcoin Blockchain

Bitcoin’s blockchain has been hijacked by a new strain of the Glupteba malware that uses the network to resist attacks, cyber security researchers have warned.

The malware uses the bitcoin blockchain to update, meaning it can continue running even if a device’s antivirus software blocks its connection to servers run by the hackers, security intelligence blog Trend Micro reported this week.

The Glupteba malware, first discovered in December 2018, is distributed through advertising designed to spread viruses through scripts. It can steal an infected device’s browsing history, website cookies, and account names and passwords, and this particular variant was found to be targeting file-sharing websites.

However, according to researchers, the new version of the malware can also mine the privacy-specialized monero cryptocurrency and threaten the security of Instagram users’ accounts.

The malware uses the Electrum bitcoin wallet to send bitcoin transactions that the attackers use to gain access to systems.

“This technique makes it more convenient for the threat actor to replace command and control servers,” Trend Micro researchers wrote. A command and control server is the centralized computer that issues commands to an infected network of devices.

“If they lose control of a command and control server for any reason, they simply need to add a new bitcoin script and the infected machines obtain a new command and control server by decrypting the script data and reconnecting.”

It’s not the first time the bitcoin blockchain has been taken advantage of by criminals, with German researchers last year discovering child abuse imagery shared via the decentralized network.

I am a journalist with significant experience covering technology, finance, economics, and business around the world. As the founding editor of Verdict.co.uk I reported on how technology is changing business, political trends, and the latest culture and lifestyle. I have covered the rise of bitcoin and cryptocurrency since 2012 and have charted its emergence as a niche technology into the greatest threat to the established financial system the world has ever seen and the most important new technology since the internet itself. I have worked and written for CityAM, the Financial Times, and the New Statesman, amongst others. Follow me on Twitter @billybambrough or email me on billyATbillybambrough.com. Disclosure: I occasionally hold some small amount of bitcoin and other cryptocurrencies.

Source: Warning Issued After Malware Is Found To Have Hijacked Bitcoin Blockchain

by Christian Karam & Vitaly Kamluk

The blockchain is the public ledger stacking all bitcoin/altcoins transactions. It is constantly growing as “completed” blocks are automatically added to it with a new set of records. The blocks are added to the blockchain in a linear and chronological order. The blockchain has complete information about the addresses and their balances right from the genesis block to the most recently completed block through the mining process. Depending on the crypto-currency and the implementation of its protocols, there would be a fixed open space, where data can be stored, referenced or hosted on the blockchain within encrypted transactions and their records. This very versatile nature of the blockchain offers great opportunities for future innovation especially in decentralized systems. The research focus revolves around the threat of embedding decentralized chunks of malware on the blockchain by either hosting it or referencing it with cascaded pointers. Transactions and data are encrypted throughout the blockchain networks using different versions of public/private key encryption. Could malware survive eternally inside crypto-transactions? A proof of concept will be explained highlighting the concerns revolving around the “abuse and bloating” of the blockchain while comparing it to previous malware hosting and deployment models. In this talk, INTERPOL will frame the scope of this future threat and provide potential solutions for a threat surrounding the blockchain technology.
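Both the Glupteba report above and this abstract turn on data carried inside bitcoin transactions. The following is an added example, not code from Trend Micro, INTERPOL or this page: an analyst-side triage of transaction output scripts that extracts embedded payloads for review. It assumes the data sits in an `OP_RETURN` output, Bitcoin's standard data-carrier script type (the page does not name the script type); the function names and sample scripts are constructed for illustration.

```python
# Added example: triage of OP_RETURN data-carrier outputs (assumed script type).
OP_RETURN, OP_PUSHDATA1, OP_PUSHDATA2 = 0x6A, 0x4C, 0x4D

def op_return_pushes(script_hex):
    """Return the data pushes that follow OP_RETURN, or None when the output
    script is not an OP_RETURN script. Raises ValueError on a truncated push."""
    s = bytes.fromhex(script_hex)
    if not s or s[0] != OP_RETURN:
        return None
    pushes, i = [], 1
    while i < len(s):
        op = s[i]
        i += 1
        if 1 <= op <= 75:                      # direct push of `op` bytes
            n = op
        elif op in (OP_PUSHDATA1, OP_PUSHDATA2):
            width = 1 if op == OP_PUSHDATA1 else 2
            if i + width > len(s):
                raise ValueError("truncated push length")
            n = int.from_bytes(s[i:i + width], "little")
            i += width
        else:
            continue                           # not a push opcode: skip it
        if i + n > len(s):
            raise ValueError("push runs past end of script")
        pushes.append(s[i:i + n])
        i += n
    return pushes

def triage(script_hex):
    """Classify one output script for analyst review: (kind, payload)."""
    try:
        pushes = op_return_pushes(script_hex)
    except ValueError:
        return ("malformed", b"")
    if pushes is None:
        return ("not-data-carrier", b"")
    payload = b"".join(pushes)
    if payload and all(32 <= b < 127 for b in payload):
        return ("text", payload)
    return ("opaque" if payload else "empty", payload)

# Constructed sample output scripts (hex), not taken from any real transaction.
SAMPLES = {
    "p2pkh": "76a914" + "00" * 20 + "88ac",            # ordinary payment script
    "text": "6a05" + b"hello".hex(),                   # readable note
    "opaque": "6a4c28" + bytes(range(200, 240)).hex(), # 40 non-printable bytes
    "cut": "6a10aabb",                                 # push longer than script
}

if __name__ == "__main__":
    for name, script in SAMPLES.items():
        kind, payload = triage(script)
        print(f"{name:7} {kind:17} {payload.hex()}")
```

Outputs classified as `opaque` are the ones worth correlating with other indicators, since encrypted data of the kind the report describes would not be printable text.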

NYSE-Linked Bitcoin Exchange Bakkt Just Unveiled a Major Acquisition

Bakkt – the cryptocurrency startup launched by New York Stock Exchange (NYSE) owner Intercontinental Exchange – just yanked the lid off the full range of its blockchain ambitions.

The firm announced today that it has acquired Digital Asset Custody Company (DACC) as part of its efforts to gain regulatory approval for its crypto products.

Reportedly, Bakkt is less concerned with merely building a Bitcoin exchange than it is with offering institutional custody and payment platform services, all of which still require regulatory approval.

Bakkt Acquires Crypto Custodian DACC

The company recently announced its application for a BitLicense, and it is also pushing to become a trust company in New York. The company’s efforts have been repeatedly stalled by regulatory delays, despite positive news around its partnerships with Starbucks, Microsoft, and others.

Coinbase previously acquired a trust charter with the New York Department of Financial Services. Becoming a trust can be a faster process than becoming a BitLicense recipient, which can take several years. Bakkt says in a new blog post that it’s applied for a charter, and recently we reported that they’re also seeking a BitLicense.

Bakkt wants to offer Bitcoin futures contracts that pay out in cryptocurrency, which would set them apart from other Bitcoin futures offerings. Bakkt has several other ambitious projects in mind, but it must get through several layers of red tape before it finally launches.

Adam White wrote in Bakkt’s blog today:

“To provide regulated custody, we have filed with the New York Department of Financial Services for approval to become a trust company and in this capacity serve as a Qualified Custodian for digital assets. […] It is with that same commitment to setting a new standard for securely storing digital assets that we’re excited to announce that we have acquired Digital Asset Custody Company (DACC). DACC shares our security-first mindset and brings extensive experience offering secure, scalable custody solutions to institutional clients. The team’s experience integrating multiple blockchains and operating cutting-edge consensus mechanisms is a valuable addition to our team and future product line.”

Bakkt CEO Kelly Loeffler told Fortune:

“From the ground up what ICE has been building for two years is the safest version of a custody solution for digital assets.”

Custody: The Key to Mass Bitcoin Adoption?

Bakkt and Coinbase have both claimed that offering secure, modern custodial solutions for cryptocurrency will encourage institutional investors to expand their portfolios to include the speculative asset class. Thus far, Coinbase and Circle’s offerings have yet to make a significant dent in the overall market.

Fidelity, a traditional assets management company, also nears completion of its custodial solution. A range of options doesn’t necessarily equate to investor interest, but their availability may play a vital role during any future bull run. Institutional investors will, at a minimum, have several popular options to choose from if they consider getting into the market, opportunities that didn’t exist in previous times.

Bakkt’s current push is three-pronged:

  • They’ve acquired a company already engaged in playing custodian to digital assets.
  • They’ve applied for a BitLicense.
  • They’re working to become a registered trust.

There are other avenues they might still pursue, such as operating without New York as an available market at first. What is clear is that the company is anxious to get into the game, and the recent bull market activity is probably not far from their mind.

Source: NYSE-Linked Bitcoin Exchange Bakkt Just Unveiled a Major Acquisition

Iceland: Figurehead in Bitcoin Miner Heist Jailed for More Than Four Years

An Icelandic man has received a four-and-a-half-year prison sentence for stealing Bitcoin mining equipment, local English-language news outlet Iceland Monitor reported Jan. 17. Sindri Þór Stefánsson, who in April 2018 boarded a flight to Stockholm from Reykjavik reportedly with a stolen passport, was subsequently arrested in Amsterdam and returned home. Stefánsson claimed he legally fled custody to Sweden. In court, Stefánsson, along with six accomplices, received a lengthy jail term.

Source: Iceland: Figurehead in Bitcoin Miner Heist Jailed for More Than Four Years

Bitcoin Scammers Hack into Twitter Accounts of Target, The Body Shop (Among Others) – Jodie Lauren Smith

Target and The Body Shop were targeted in a new wave of verified Twitter account hacks. This new attack follows a wave of similar attacks, including the attack where hackers masqueraded as Elon Musk by changing the name of other verified accounts they hacked into. Hackers used Elon Musk’s identity and credibility within the industry to encourage users to part with their Bitcoin in exchange for more Bitcoin that never materialized.

In this latest attack, a crypto giveaway was the focus of the tweets, and a link was included so users could take part. More than a few high-profile accounts were targeted, including Target, Toledo Rockets, The Body Shop, Universal Music Czech Republic, and the Agriculture and Horticulture Development Board (AHDB).

It is not yet clear how hackers managed to hack the accounts. However, since the English used within the tweets is substandard, it is assumed the hackers are not native English speakers. While this may seem like a hint to most people that the Twitter account is not genuine, often this is intentional. For example, with Nigerian inheritance and love scams, the scammers often use poor English as a means of making sure they only receive responses from the most gullible people, who are usually the people most vulnerable to these types of scams.

The relative success of these scams highlights the trust people put into the verified account ‘tick’ on Twitter profiles. For many people, as soon as they see the tick, they believe they are dealing with a legitimate person or company that they can trust. Hackers are exploiting this to target a wide array of people. The attacks also prey on people’s excitement over cryptocurrency and the desire to get involved in this new and exciting area of financial technology. Many people have been wanting to dip their toe in the cryptocurrency pool, but aren’t sure how to go about it. Big businesses that are accessible to the public also add an air of legitimacy for those people wanting to segue into crypto.

Twitter hasn’t released a formal response specifically around these attacks, although pressure is mounting for them to do so. Twitter needs to find a way to make these types of attacks impossible, otherwise, users will become more fearful and less trusting of the platform.

Hopefully, Twitter can find a solution before the next wave of attacks. This seems to be a method hackers wanting to scam people out of cryptocurrency keep returning to, suggesting that it is very profitable and worth the effort to hack the accounts.

 

 

 
