Syscoin, the instant-payment cryptocurrency, was compromised after an attacker uploaded a malware-tainted Syscoin Windows client to the project's GitHub account.
According to Syscoin's dev team, the attacker replaced the official Windows client with a version that contained malware. Users alerted the team after their antivirus software began flagging the freshly installed program as malicious.
The tainted client appeared to contain the Arkei Stealer malware (detected by Microsoft as Trojan:Win32/Feury.B!cl), an information-stealing trojan that harvests passwords and cryptocurrency wallet keys. The Syscoin dev team published a notice on GitHub, saying:
“Upon investigation, the Syscoin developers found that a malicious, unsigned copy of the Windows Syscoin 3.0.4.1 installer was made available via the Syscoin Github release page on June 9th, 2018 due to a compromised GitHub account. This installer contained malicious code. (Trojan:Win32/Feury.B!cl).
The virustotal scan of the malicious file named “re.exe” that is saved to the local temp folder (C:\Users\user\AppData\Local\Temp) upon running the fake installer: https://www.virustotal.com/#/file/b105d2db66865200d1b235c931026bf44428eb7327393bf76fdd4e96f1c622a1/detection”
The Blockchain Foundry team says that users who downloaded the Syscoin 3.0.4.1 Windows client between June 9, 2018 (10:14 PM UTC) and June 13, 2018 (10:23 PM UTC) are at risk. Both the 32-bit and 64-bit installers were affected.
The team advised users to check when their Windows Syscoin client was installed and, if the installation falls inside that window, to take the following precautions:
– Make a full backup of all vital wallet information.
– Immediately run an antivirus scan to identify and remove the malware.
– Change every password used since the time of the compromise, preferably from a different computer.
– Transfer funds from the potentially exposed wallets to newly created, secure wallets.
The Syscoin team also plans to take steps to prevent a repeat: every team member with GitHub access must enable two-factor authentication (2FA), and the team will routinely audit its release binaries and verify their hashes and signatures to detect tampering.
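The following PowerShell script is an added triage example for the checks described above (the exposure window, the dropped "re.exe", and the hash and signature verification); it is not code from the Syscoin team or from the notice. The exposure window, the temp-folder location and the SHA-256 of the dropper are taken from the notice; the installer and install-directory paths, the `SHA256SUMS`-style hash list and the expected-hash parameter are assumptions you adjust to your own setup. Note that the notice only gives a hash for the dropped "re.exe", not for the tainted installer itself, so the installer check relies on the Authenticode status (the tainted copy was unsigned) and on whatever hash the project publishes for the release you downloaded.

```powershell
# Added triage script (not from the Syscoin team or the article).
# Checks a Windows machine against the facts in the notice above.
# Values marked "assumed" are placeholders for your own environment.

$ErrorActionPreference = 'Stop'

# Exposure window from the Blockchain Foundry notice (UTC).
$WindowStart = ([datetime]'2018-06-09T22:14:00Z').ToUniversalTime()
$WindowEnd   = ([datetime]'2018-06-13T22:23:00Z').ToUniversalTime()

# SHA-256 of the dropped "re.exe", from the VirusTotal link in the notice.
$KnownBadSha256 = 'b105d2db66865200d1b235c931026bf44428eb7327393bf76fdd4e96f1c622a1'

$InstallerPath = "$env:USERPROFILE\Downloads\syscoin-setup.exe"   # assumed path
$InstallDir    = "$env:ProgramFiles\Syscoin"                      # assumed path

function Test-InWindow {
    param([datetime]$Utc)
    return ($Utc -ge $WindowStart -and $Utc -le $WindowEnd)
}

# 1. Was the client written to disk during the exposure window?
#    File creation time is used as a stand-in for the install time.
if (Test-Path $InstallDir) {
    Get-ChildItem $InstallDir -Recurse -Include *.exe, *.dll |
        Where-Object { Test-InWindow $_.CreationTimeUtc } |
        ForEach-Object {
            Write-Warning "Installed inside the exposure window: $($_.FullName) ($($_.CreationTimeUtc) UTC)"
        }
} else {
    Write-Host "No install directory at $InstallDir (adjust `$InstallDir if Syscoin lives elsewhere)."
}

# 2. Is the dropper still in the local temp folder named in the notice?
$tempDir = "$env:LOCALAPPDATA\Temp"
Get-ChildItem $tempDir -Filter 're.exe' -ErrorAction SilentlyContinue | ForEach-Object {
    $hash = (Get-FileHash -Algorithm SHA256 -Path $_.FullName).Hash.ToLower()
    if ($hash -eq $KnownBadSha256) {
        Write-Warning "MATCH: $($_.FullName) is the Arkei Stealer dropper from the notice."
    } else {
        Write-Warning "re.exe present at $($_.FullName) with a different hash ($hash); treat as suspicious."
    }
}

# 3. Is the installer you ran signed, and does it match the published hash?
function Test-Installer {
    param(
        [string]$Path,
        [string]$ExpectedSha256   # hash published by the project for this release (assumed to exist)
    )
    if (-not (Test-Path $Path)) { return "not found: $Path" }

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $actual = (Get-FileHash -Algorithm SHA256 -Path $Path).Hash.ToLower()

    $findings = @()
    if ($sig.Status -ne 'Valid') {
        # The tainted copy was unsigned; a genuine build should carry a valid signature.
        $findings += "Authenticode status '$($sig.Status)'"
    }
    if ($ExpectedSha256 -and $actual -ne $ExpectedSha256.ToLower()) {
        $findings += "SHA-256 $actual does not match expected $($ExpectedSha256.ToLower())"
    }
    if ($findings.Count -eq 0) { return 'OK' }
    return ($findings -join '; ')
}

# Paste the project's published hash for your download into -ExpectedSha256
# before running; with an empty string only the signature check is applied.
Test-Installer -Path $InstallerPath -ExpectedSha256 ''
```

Run the script from an elevated PowerShell prompt on the machine that ran the installer. A warning from step 1 or a hash match in step 2 means the machine falls in the window the team described and the precautions above apply; "OK" from step 3 only means the installer you still have on disk is signed and matches the hash you supplied, so obtain that hash from the project's release page over HTTPS, not from the same download location as the binary.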