Hackers Are Using These 6 Tools To Steal Your Cryptocurrency
In the early July, suspicious action around 2.3 million Bitcoin wallets was discovered, all of which appeared to be full-blown hacks in the making. The attackers utilized malware — known as “clipboard hijackers” — which works in the clipboard and can possibly replicate wallet address with one of the attackers.
The risk of hacking of this kind was anticipated by Kaspersky Lab last year, and they didn’t take long to become a reality. This is a standout amongst the most across the board kinds of assaults that is gone from stealing clients’ data or money, with the general share of attack to singular records and wallets being around 20 percent of the aggregate number of malware assaults.
1. Apps on Google Play and the App Store
Victims of hacking are most often smartphone owners with the Android operating system, which does not use Two Factor Authentication (2FA) — this requires not only a password and username but also something that users has on them, i.e., a piece of information only they could know or have on hand immediately, such as a physical token. The thing is that Google Android’s open operating system makes it more open to viruses, and therefore less safe than the iPhone, according to Forbes. Hackers add applications on behalf of certain cryptocurrency resources to the Google Play Store. When the application is launched, the user enters sensitive data to access their accounts and thereby gives hackers access to it.
2. Bots in Slack
Slack bots aimed at stealing cryptocurrencies have become the scourge of the fastest-growing corporate messenger. Most often, hackers create a bot that notifies users about problems with their cryptos. The goal is to force a person to click the link and enter a private key. With the same speed with which such bots appear, they are blocked by users. Even though the community usually reacts quickly and the hacker has to retire, the latter manages to make some money.
3. Add-ons for crypto trading
Internet browsers offer extensions to customize the user interface for more comfortable work with exchanges and wallets. And the issue is not even that add-ons, read everything that you are typing while using the internet, but that extensions are developed in JavaScript, which makes them extremely vulnerable to hacking attacks. The reason is that in recent times — with the popularity of Web 2.0, Ajax and rich internet applications — JavaScript and its attendant vulnerabilities have become highly prevalent in organizations, especially Indian ones. In addition, many extensions could be used for hidden mining, due to the user’s computing resources.
4. Authentication by SMS
Turn off call forwarding to make an attacker’s access to your data impossible. Many users choose to use mobile authentication because they are used to doing it, and the smartphone is always on hand. Positive Technologies, a company that specializes in cybersecurity, has demonstrated how easy it is to intercept an SMS with a password confirmation, transmitted practically worldwide by the Signaling System 7 (SS7) protocol. Specialists were able to hijack the text messages using their own research tool, which exploits weaknesses in the cellular network to intercept text messages in transit. A demonstration was carried out using the example of Coinbase accounts, which shocked the users of the exchange. At a glance, this looks like a Coinbase vulnerability, but the real weakness is in the cellular system itself, Positive Technologies stated. This proved that any system can be accessed directly via SMS, even if 2FA is used.
5. Public Wi-Fi
Never perform crypto transactions through public Wi-Fi, even if you are using a VPN. In the Wi-Fi Protected Access (WPA) protocol — which uses routers — an unrecoverable vulnerability was found. After carrying out an elementary KRACK attack the user’s device reconnects to the same Wi-Fi network of hackers. All the information downloaded or sent through the network by a user is available to attackers, including the private keys from crypto wallets. This problem is especially urgent for public Wi-Fi networks at railway stations, airports, hotels, and places where large groups of people visit.
6. Sites-clones and phishing
These good old hacking methods have been since the “dotcom revolution,” but it seems that they are still working. The goal of such a trick — including the substitution of the address in the browser address field — is to lure a user to the site-clone and force them to enter the account’s password or a secret key.
Cryptojacking, hidden mining, and common sense
The good news is that hackers are gradually losing interest in brutal attacks on wallets because of the growing opposition of cryptocurrency services and the increasing level of literacy of users themselves. The focus of hackers is now on hidden mining.
This year around 2.9 million samples of virus software for hidden mining were registered worldwide. This is up by 625 percent more than in the last quarter of 2017. The method is called “crypto jacking” and it has fascinated hackers with its simplicity in such a way that they massively took up its implementation, abandoning the traditional extortion programs.
Carbon Black
On June 27, users began leaving comments on a Malwarebytes forum about a program called All-Radio 4.27 Portable that was being unknowingly installed on their devices. The situation was complicated by the impossibility of its removal. Though in its original form, this software seems to be an innocuous and popular content viewer, its version was modified by hackers to be a whole “suitcase” of unpleasant surprises.
Of course, the package contains a hidden miner, but it only slows down the computer. As for the program for monitoring the clipboard, that replaces the addresses when the user copies and pastes the password, and it has been collecting 2,343,286 Bitcoin wallets of potential victims. This is the first time when hackers demonstrated such a huge database of cryptocurrency owners — so far, such programs have contained a very limited set of addresses for substitution.
After the questioning of victims of All-Radio, it was discovered that malicious software got on their computers as a result of unreasonable actions. As the experts from Malwarebytes and Bleeping Computer found out, people used cracks of licensed programs and games, as well as Windows activators like KMSpico, for example. Thus, hackers have chosen as victims, those who consciously violated copyright and security rules.