Hackers Are Using These 6 Tools To Steal Your Cryptocurrency
In the early July, suspicious action around 2.3 million Bitcoin wallets was discovered, all of which appeared to be full-blown hacks in the making. The attackers utilized malware — known as “clipboard hijackers” — which works in the clipboard and can possibly replicate wallet address with one of the attackers.
The risk of hacking of this kind was anticipated by Kaspersky Lab last year, and they didn’t take long to become a reality. This is a standout amongst the most across the board kinds of assaults that is gone from stealing clients’ data or money, with the general share of attack to singular records and wallets being around 20 percent of the aggregate number of malware assaults.
1. Apps on Google Play and the App Store
Victims of hacking are most often smartphone owners with the Android operating system, which does not use Two Factor Authentication (2FA) — this requires not only a password and username but also something that users has on them, i.e., a piece of information only they could know or have on hand immediately, such as a physical token. The thing is that Google Android’s open operating system makes it more open to viruses, and therefore less safe than the iPhone, according to Forbes. Hackers add applications on behalf of certain cryptocurrency resources to the Google Play Store. When the application is launched, the user enters sensitive data to access their accounts and thereby gives hackers access to it.
2. Bots in Slack
Slack bots aimed at stealing cryptocurrencies have become the scourge of the fastest-growing corporate messenger. Most often, hackers create a bot that notifies users about problems with their cryptos. The goal is to force a person to click the link and enter a private key. With the same speed with which such bots appear, they are blocked by users. Even though the community usually reacts quickly and the hacker has to retire, the latter manages to make some money.
3. Add-ons for crypto trading
4. Authentication by SMS
Turn off call forwarding to make an attacker’s access to your data impossible. Many users choose to use mobile authentication because they are used to doing it, and the smartphone is always on hand. Positive Technologies, a company that specializes in cybersecurity, has demonstrated how easy it is to intercept an SMS with a password confirmation, transmitted practically worldwide by the Signaling System 7 (SS7) protocol. Specialists were able to hijack the text messages using their own research tool, which exploits weaknesses in the cellular network to intercept text messages in transit. A demonstration was carried out using the example of Coinbase accounts, which shocked the users of the exchange. At a glance, this looks like a Coinbase vulnerability, but the real weakness is in the cellular system itself, Positive Technologies stated. This proved that any system can be accessed directly via SMS, even if 2FA is used.
5. Public Wi-Fi
Never perform crypto transactions through public Wi-Fi, even if you are using a VPN. In the Wi-Fi Protected Access (WPA) protocol — which uses routers — an unrecoverable vulnerability was found. After carrying out an elementary KRACK attack the user’s device reconnects to the same Wi-Fi network of hackers. All the information downloaded or sent through the network by a user is available to attackers, including the private keys from crypto wallets. This problem is especially urgent for public Wi-Fi networks at railway stations, airports, hotels, and places where large groups of people visit.
6. Sites-clones and phishing
These good old hacking methods have been since the “dotcom revolution,” but it seems that they are still working. The goal of such a trick — including the substitution of the address in the browser address field — is to lure a user to the site-clone and force them to enter the account’s password or a secret key.
Cryptojacking, hidden mining, and common sense
The good news is that hackers are gradually losing interest in brutal attacks on wallets because of the growing opposition of cryptocurrency services and the increasing level of literacy of users themselves. The focus of hackers is now on hidden mining.
This year around 2.9 million samples of virus software for hidden mining were registered worldwide. This is up by 625 percent more than in the last quarter of 2017. The method is called “crypto jacking” and it has fascinated hackers with its simplicity in such a way that they massively took up its implementation, abandoning the traditional extortion programs.
On June 27, users began leaving comments on a Malwarebytes forum about a program called All-Radio 4.27 Portable that was being unknowingly installed on their devices. The situation was complicated by the impossibility of its removal. Though in its original form, this software seems to be an innocuous and popular content viewer, its version was modified by hackers to be a whole “suitcase” of unpleasant surprises.
Of course, the package contains a hidden miner, but it only slows down the computer. As for the program for monitoring the clipboard, that replaces the addresses when the user copies and pastes the password, and it has been collecting 2,343,286 Bitcoin wallets of potential victims. This is the first time when hackers demonstrated such a huge database of cryptocurrency owners — so far, such programs have contained a very limited set of addresses for substitution.
After the questioning of victims of All-Radio, it was discovered that malicious software got on their computers as a result of unreasonable actions. As the experts from Malwarebytes and Bleeping Computer found out, people used cracks of licensed programs and games, as well as Windows activators like KMSpico, for example. Thus, hackers have chosen as victims, those who consciously violated copyright and security rules.
Kevin Jones866 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.