Business 6 February 2019

Erik Gibbs

New crypto malware is versatile and extremely dangerous

Cybersecurity firm Kaspersky Lab has identified new cryptocurrency malware that is potentially more dangerous than strains found previously. The malware, dubbed Razy due to a file named trojan.win32.razy.gen, can spoof search results and attack browser extensions. Unlike other crypto malware, it adapts itself to the Internet browser used by the victim.

Kaspersky researchers Victoria Vlasova and Vyacheslav Bogdanov wrote in a blog post, “Razy serves several purposes, mostly related to the theft of cryptocurrency.” It can search for addresses of crypto wallets on websites and replace them with other addresses, spoof images of QR codes that point to wallets, modify web pages of crypto exchanges and spoof Google and Yandex search results.

Its behavior depends on the browser. On Firefox, Razy installs an extension named Firefox Protection that can alter files in two folders, APPDATA and PROGRAMFILES. In Chrome and Yandex, Razy disables the “browser extension integrity check” and then creates registry keys that disable browser updates. Subsequently, the Chrome application can become infected with a variety of extensions, most of which target Chrome Media Router, and the Yandex browser becomes infected with the “Yandex Protect” malware.

The researchers further explain, “Irrespective of the targeted browser type, Razy added the following scripts it brought along to the folder containing the malicious script: bgs.js, extab.js, firebase-app.js, firebase-messaging.js and firebase-messaging-sw.js… The file manifest.json was created in the same folder or was overwritten to ensure these scripts get called.”

The “firebase” files are legitimate files that belong to the Firebase platform, but are manipulated to send statistics to the malware provider’s Firebase account.
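Because the Firebase files are legitimate on their own, a triage check has to look for the whole set of script names quoted above sitting next to a manifest.json that loads them. The following Python sketch is an added example, not code from Kaspersky or from this article; the match threshold, the function names and the sample directory tree are assumptions constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Script names quoted from the Kaspersky write-up cited in the article.
RAZY_SCRIPTS = {"bgs.js", "extab.js", "firebase-app.js",
                "firebase-messaging.js", "firebase-messaging-sw.js"}
MIN_MATCHES = 4  # assumption: triage threshold, not a vendor signature

def manifest_scripts(manifest: Path) -> set:
    """Base names of every .js path referenced anywhere in manifest.json."""
    try:
        stack = [json.loads(manifest.read_text(encoding="utf-8-sig"))]
    except (OSError, ValueError):
        return set()  # unreadable or malformed manifest
    found = set()
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            node = list(node.values())
        if isinstance(node, list):
            stack.extend(node)
        elif isinstance(node, str) and node.lower().endswith(".js"):
            found.add(node.replace("\\", "/").rsplit("/", 1)[-1].lower())
    return found

def scan(root: Path) -> list:
    """Flag folders holding manifest.json plus most of the named scripts."""
    hits = []
    for manifest in sorted(root.rglob("manifest.json")):
        present = RAZY_SCRIPTS & {p.name.lower() for p in manifest.parent.iterdir() if p.is_file()}
        if len(present) >= MIN_MATCHES:
            loaded = sorted(present & manifest_scripts(manifest))
            hits.append((manifest.parent.name, sorted(present), loaded))
    return hits

def build_sample(root: Path) -> None:
    """Constructed test tree: one benign extension, one matching the article."""
    for name, files, bg in (("benign", ["popup.js", "firebase-app.js"], ["popup.js"]),
                            ("suspect", sorted(RAZY_SCRIPTS), ["bgs.js", "extab.js"])):
        (root / name).mkdir(parents=True)
        for f in files:
            (root / name / f).write_text("// placeholder\n")
        (root / name / "manifest.json").write_text(json.dumps({"background": {"scripts": bg}}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        print(scan(Path(tmp)))
```

Pointed at a copy of a browser profile's extension directory instead of the sample tree, `scan` returns each flagged folder with the matching files and the subset its manifest actually loads; a hit is a lead for manual review, not proof of infection.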

Ultimately, unwitting netizens with an infected computer could visit a webpage, such as Binance.com or pro.coinbase.com, and be presented with crypto wallet addresses that aren’t legitimately owned by those entities. Instead, they belong to the provider of the malware. The blog post indicates, however, that the obfuscation works on virtually all web pages, except for those hosted by Google or Yandex.

Even Wikipedia pages are at risk. According to the researchers, “When the user visits Wikipedia, main.js adds a banner containing a request for donations to support the online encyclopedia. The cybercriminals’ wallet addresses are used in place of bank details. The original Wikipedia banner asking for donations (if present) is deleted.”

Kaspersky was able to identify the wallet addresses associated with the malware and determined that, as of its publication on the subject, 0.14 Bitcoin Core (BTC) and 25 Ether (ETH) had been pilfered. That amounts to around $471 in BTC and $2,545 in ETH at current market prices.

Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.

Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.
