A compromised cryptocurrency software spotted installing AZORult malware

Attackers compromised the Github account of Denarius Cryptocurrency project lead and uploaded a backdoored version of Denarius Windows client v3.3.6.
The backdoored version of Denarius Windows client installer also installed AZORult malware.

Attackers have compromised the Github account of Denarius Cryptocurrency project lead and uploaded a backdoor version of Denarius Windows client v3.3.6. A security researcher named ‘Misterch0c’ spotted this backdoored Denarius client and notified ZDNet.

ZDNet worked closely with Yonathan Klijnsma, a threat researcher at RiskIQ and confirmed Misterch0c’s findings. Denarius cryptocurrency project lead Carsen Klock disclosed that he reused an older password, which resulted in the compromise of his Github account.

AZORult malware

Researchers Misterch0c and Klijnsma analyzed the backdoored Denarius Windows client installer and confirmed that the Denarius client installer installed AZORult malware.

“The .bat file is started, which it will start the other bins in sequence, with smaller one being AZORult,” Klijnsma said.

This AZORult malware, once installed on a system, would perform various malicious activities such as,

Steal user data such as browser cookies, browser passwords, chat histories, passwords for FTP clients, as well as wallet database files from cryptocurrency clients.
The stolen information would then be sent to a C&C server located at IP address 51[.]15[.]243[.]101.

Klijnsma analyzed the IP address against RiskIQ’s database and detected that the IP address (51[.]15[.]243[.]101) hosted an AZORult control panel since July 2018.

Denarius installer infected almost 3200 users

Another security researcher under the name ‘prsecurity’ claimed that the backdoored Denarius client installer infected roughly 3200 users.

“This IP address was also linked to other malware samples, all who appeared to be backdoored cryptocurrency software, and all who communicated with this same domain,” Misterch0c said.

Security researcher Misterch0c and ZDNet contacted Carsen Klock, the Denarius cryptocurrency project lead and reported the backdoored Denarius client. Upon learning this, Klock removed the backdoored Windows client from the Denarius cryptocurrency's official GitHub account.

Global Locations

Block A, A-25, Second Floor, Sector 3
Noida, Uttar Pradesh+91-120 429 1672+91 931 991 8771

Comments

Tr0ll 1.0 – Vulnhub CTF Challenge Walkthrough

Tr0ll 1.0 is an intentionally vulnerable machine, which is more of a CTF like type than real world scenario. Nevertheless, this machine has its own difficulties and you can learn some new stuff from it. So, let’s start. Enumeration Phase Let’s first run netdiscover to find the IP of our machine. netdiscover -r 192.168.1.1/24 After that, we run our typical nmap scan to see the open ports in the machine. nmap -A -sS -Pn -vv [target] Great we see many interesting stuff here. First of all, there is an open FTP port and we can connect to it with anonymous access . Also there is an open http port, we will run a nikto scan for it. The ssh port will be valuable later. From the nikto scan we got an interesting /secret/ folder. When we get inside, we can understand why the machine got this name. Nothing interesting here, as you can see. we got trolled Let’s connect to the ftp server. When we get asked for the username we type ‘ anonymous ‘ and we l

Digital Marketing Services in noida

Red Securium Company Provide Digital Marketing Service In Noida Strengthen your brand positioning, awareness, revenue objectives and market share with our custom-built digital marketing services to suit their business needs. Get easily accessible to your target audience on mobiles and social networking sites across different platforms. Our cross-functional digital marketing experts offer end-to-end digital marketing solutions that are in step with your business's goals and policies. Our targeted digital marketing campaigns are custom-structured for helping you in strengthening your brand positioning, awareness, revenue objectives and market share. Digital Marketing Services Digital Marketing Service Social Network Marketing Service Seo Services Marketing PPC Marketing Service Social Media Marketing Sales Generation Services Mobile Marketing Service Content Marketing Service Event Marketing Service Video Marketing Service Video Lo

Uber fined $1.1 million by UK and Dutch regulators over 2016 data breach

British and Dutch data protection regulators Tuesday hit the ride-sharing company Uber with a total fine of $1,170,892 (~ 1.1 million) for failing to protect its customers’ personal information during a 2016 cyber attack involving millions of users. Late last year, Uber unveiled that the company had suffered a massive data breach in October 2016, exposing names, email addresses and phone numbers of 57 million Uber riders and drivers along with driving license numbers of around 600,000 drivers. Besides this, it was also reported that instead of disclosing the breach at the time, the company paid $100,000 in ransom to the two hackers with access to the stolen data in exchange for keeping the incident secret and deleting the information. Today Britain’s Information Commissioner’s Office (ICO) fined Uber 385,000 pounds ($491,102), while the Dutch Data Protection Authority (Dutch DPA) levied a 600,000 euro ($679,790) penalty on Uber for failing to protect the personal informa

Red Securium

Search This Blog