May 17, 2024

ThreatFabric: three new trojans steal data to access cryptocurrency exchanges and wallets

ThreatFabric has discovered three new Trojans: Cerberus, Hydra and Gustaff. Their main goal is to steal data to access cryptocurrency exchanges, cryptocurrency wallets and banking applications.

ThreatFabric, an Amsterdam company specializing in cybersecurity for the financial industry, has discovered that the Cerberus Trojan steals two-factor authentication codes generated by the Google Authenticator application for Internet banking, email accounts and cryptocurrency exchanges.

According to ThreatFabric, the cryptocurrency exchange Coinbase is one of Cerberus' targets, along with major financial institutions around the world and social networking applications. The company has not yet detected advertisements for the updated Cerberus features on the dark web. This means that the updated version is "still in testing, but could be released soon."

A report from ThreatFabric states that the remote access Trojan Cerberus was first discovered at the end of June last year, replacing the Anubis Trojan and becoming one of the most popular malware-as-a-service products.

ThreatFabric notes that Cerberus was updated in mid-January 2020, and that the new version added the ability to steal two-factor authentication tokens from Google Authenticator, as well as device screen lock PINs. After installation, Cerberus can download the contents of the device and establish connections, giving the attacker full remote access to the device. The Trojan can then be used to operate any application, including banking applications, and to access cryptocurrency exchanges.

"The credential theft feature for the device's screen lock (PIN and lock pattern) is provided by a simple overlay that will require the victim to unlock the device. From the implementation of the Trojan, we can conclude that this theft of the screen lock credentials was created so that attackers could remotely unlock the device for their own purposes when the victim is not using it. This once again confirms the rich imagination of criminals who create sophisticated tools to achieve their goals."

The report examines two more remote access Trojans that appeared after Anubis: Hydra and Gustaff. Hydra's developers recently expanded the program's scope to target Turkish banks and blockchain wallets. Gustaff targets Australian and Canadian banks, cryptocurrency wallets and government websites.

The three Trojans, including Cerberus, target at least 26 cryptocurrency exchanges and cryptocurrency service providers, including Coinbase, Binance, Xapo, Wirex and Bitpay. A potential protection against Cerberus is using a physical authentication key to prevent remote attacks. These keys require physical access to the device, which helps minimize the risk of a successful attack.

Hackers are increasingly targeting cryptocurrency users. According to CipherTrace, losses from hacker attacks decreased last year, but overall losses from crimes in the crypto-asset industry rose to $4.52 billion from $1.74 billion in 2018.
