ThreatFabric: Three new Trojans stealing data for access to the stock exchanges and wallets.



ThreatFabric has discovered three new Trojans: Cerberus, Hydra and Gustuff. Their main purpose is to steal data for access to cryptocurrency exchanges, crypto wallets and banking applications.



Amsterdam-based financial cybersecurity company ThreatFabric has detected a Cerberus trojan that steals two-factor authentication codes generated by the Google Authenticator application for online banking, email accounts and cryptocurrency exchanges.

According to ThreatFabric, the cryptocurrency exchange Coinbase is one of the targets of Cerberus, along with major financial institutions around the world and social networking applications. The company has not yet found advertising of the updated features of Cerberus on the darknet. This means that the updated version "is still in the testing phase, but may be released soon".

The ThreatFabric report says that the Cerberus remote access trojan was first detected in late June last year, replacing the Anubis trojan and becoming one of the most popular Malware-as-a-Service products.

ThreatFabric notes that Cerberus was updated in mid-January 2020, and the new version has the ability to steal two-factor authentication tokens from Google Authenticator, as well as the PINs used to lock the device screen. Once installed, Cerberus can download content from the device and establish connections, giving the attacker full remote access to the device. The Trojan can then be used to operate any application, including banking applications, and to access exchanges.


"A feature that steals device screen lock credentials (PIN and lock pattern) is provided by a simple overlay that requires the victim to unlock the device. From the implementation of the Trojan we can conclude that this theft of screen lock credentials was designed to allow attackers to remotely unlock the device for their own purposes when the victim is not using it. This once again confirms the rich imagination of criminals who create sophisticated tools to achieve their goals."


The report examines two other remote access Trojans that have emerged since Anubis: Hydra and Gustuff. Hydra's developers have recently expanded the scope of the program to target Turkish banks and blockchain wallets. Gustuff targets Australian and Canadian banks, crypto wallets and government websites.

The three Trojans, including Cerberus, target at least 26 cryptocurrency exchanges and cryptocurrency service providers, including Coinbase, Binance, Xapo, Wirex and Bitpay. A potential protection against Cerberus is the use of a physical authentication key to prevent remote attacks. These keys require physical access to the device, which helps minimize the risk of a successful attack.

Hackers are increasingly targeting cryptocurrency users. According to CipherTrace, losses from hacker attacks decreased last year, but the total losses from crime in the crypto industry rose to $4.52 billion from $1.74 billion in 2018.


