This New Bitcoin Trojan Already Infected 150K Wallets

Electrum, one of the most popular Bitcoin (BTC) wallets, has been the target of a sustained Distributed Denial-of-Service (DDoS) campaign against its servers. The attack has been ongoing since late 2018; the botnet behind it has grown to 152,000 infected hosts, and victims have lost USD $4.6 million in stolen funds so far.

The anti-malware firm Malwarebytes has been tracking the campaign against Electrum and published its latest update in a blog post on April 29.

Malwarebytes has traced the infections to a loader it detects as Trojan.BeamWinHTTP, which downloads the previously documented ElectrumDoSMiner, the malware that turns an infected machine into one of the attacking bots.

Malwarebytes also mapped the attacking bots' IP addresses to see where they are concentrated. By that analysis, most of the bots are located in the Asia Pacific region, Brazil, and Peru.

How Does This Attack Work?

The attack on the Electrum network has two parts. A large botnet of infected machines floods the legitimate Electrum servers until they stop responding, which pushes wallets onto attacker-controlled servers; those servers then steer users toward fake versions of the Electrum software.

Once a wallet running a vulnerable version syncs with a malicious server, the server answers with a message telling the user to update, with a link to a trojanised build of Electrum. That build drains the wallet as soon as it is run, so all funds are lost immediately.
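The weak point in the exchange above is that the wallet treats a string supplied by an arbitrary server as something safe to show the user, complete with a clickable link. The following added example (not code from the original article or from the Electrum project) models that in Python: a constructed JSON-RPC error reply of the kind a malicious server might return, a vulnerable handler that passes the text through as rich text, and a hardened handler that treats it as untrusted plain text and flags replies carrying markup or URLs. The request id, the broadcast context and the sample messages are assumptions made for the example.

```python
import html
import json
import re

# Constructed sample replies for the example (not real captures). An error
# reply to a transaction broadcast is assumed as the trigger.
MALICIOUS_REPLY = json.dumps({
    "jsonrpc": "2.0", "id": 7,
    "error": {"code": 1, "message": (
        "Your Electrum version is outdated. Update now: "
        "<a href='https://example.invalid/electrum-update'>"
        "https://example.invalid/electrum-update</a>")},
})
BENIGN_REPLY = json.dumps({
    "jsonrpc": "2.0", "id": 8,
    "error": {"code": 1, "message": "transaction rejected: insufficient fee"},
})

TAG_RE = re.compile(r"<[^>]*>")
URL_RE = re.compile(r"\b(?:https?://|www\.)\S+", re.IGNORECASE)


def error_message(reply_json):
    """Pull the server-supplied error text out of a JSON-RPC reply, or None."""
    reply = json.loads(reply_json)
    err = reply.get("error")
    if not isinstance(err, dict):
        return None
    return str(err.get("message", ""))


def vulnerable_render(reply_json):
    """Old behaviour: the raw server string goes straight into a rich-text
    widget, so HTML tags survive and the attacker's link is clickable."""
    return error_message(reply_json)


def is_suspicious_error(reply_json):
    """Flag an error that carries markup or a URL: a server has no business
    telling the wallet where to download software."""
    msg = error_message(reply_json) or ""
    return bool(TAG_RE.search(msg) or URL_RE.search(msg))


def hardened_render(reply_json):
    """Treat the server string as untrusted plain text: strip tags, neutralise
    URLs, escape what is left, and label it as coming from the server."""
    msg = error_message(reply_json) or ""
    text = TAG_RE.sub("", msg)
    text = URL_RE.sub("[link removed]", text)
    text = html.escape(text, quote=True)
    return "The server returned an error (untrusted text): " + text


if __name__ == "__main__":
    print(vulnerable_render(MALICIOUS_REPLY))
    print(hardened_render(MALICIOUS_REPLY))
    print(is_suspicious_error(MALICIOUS_REPLY), is_suspicious_error(BENIGN_REPLY))
```

The hardened handler keeps the benign fee error readable while reducing the malicious reply to a labelled, link-free string; the separate `is_suspicious_error` check is the kind of signal a client could use to drop a server from its peer list rather than merely sanitise its output.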

The Electrum DDoS attack is proving to be a serious problem for the wallet. Electrum users first started losing funds in late December 2018, when attackers stole almost 250 BTC (about USD $930,000 at the time).

Now, just a few months later, millions of dollars have been stolen from Electrum wallets and the DDoS attacks are still ongoing, even though Malwarebytes removes more than 2,000 ElectrumDoSMiner infections a day.

Final Thoughts

In addition to the Electrum DDoS attacks, and as previously reported by IIB, users of Ledger, the popular cryptocurrency hardware wallet manufacturer, have been targeted by new malware aimed at Windows that tries to obtain their 24-word recovery phrases.

The malware, delivered through phishing, replaces the desktop Ledger Live application with a malicious copy that, after a fake update, asks the user to enter their recovery phrase.

All in all, it is vital to stay knowledgeable about the kinds of hacks and attacks out there so that you can protect your cryptocurrency assets. Keeping funds in the most secure crypto wallet available does not make them safe if you can be fooled into handing over the keys yourself.
