Last Week In Blockchain and CyberSecurity News - June 11, 2019

Over 1.5 Million RDP Servers Targeted by Brute-Force Botnet 

Security researchers have discovered an ongoing sophisticated botnet, GoldBrute, that’s scanning the web for Windows machines with the Remote Desktop Protocol (RDP) connection enabled. The botnet gradually escalates its attack by “adding every new cracked system to its network, forcing them to further find new available RDP servers and then brute force them.”  

Attackers behind this campaign command each infected machine to target millions of servers using a unique set of username and password combinations, effectively brute force attacking a targeted server from different IP addresses. A quick Shodan search shows that over “2.4 million Windows RDP servers can be accessed on the Internet, and probably more than half of them are receiving brute force attempts.”  

Read more here

$9.5 Million Stolen from GateHub Cryptocurrency Wallets

Cybercriminals successfully siphoned 23.2 million XRP worth over $9.5 million from the users of the GateHub cryptocurrency wallet.  

In a preliminary statement posted on their website, the GateHub team shares their prediction that the hackers abused the platform’s API to carry out the attacks, but they’re unsure of the specifics. GateHub further explains the incident,  

“We have detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys, however, still doesn't explain how the perpetrator was able to gain other required information needed to decrypt the secret keys.”  

The thieves have already laundered around 13.1 million of the missing XRP through exchanges and mixer services. GateHub has notified law enforcement and stated they would post an official statement once they complete the internal investigation. 

Read more here

Facebook Will Reportedly Launch Cryptocurrency This Month, Allowing Employees to Take It as Salary

According to a report by The Information, Facebook will officially launch a new cryptocurrency later this month. The report adds that the social media company also intends to provide “physical ATM-like machines where users can buy the currency.”  

Having a cryptocurrency could help Facebook diversify its income source beyond advertising, especially since their ad model has faced harsh criticism from privacy advocates and government entities lately.  

The report further states that Facebook plans to solicit “third-party organizations to act as nodes to help manage the cryptocurrency and has discussed charging $10 million for the privilege.” Nodes store and maintain the record of transactions in a blockchain network.   

Get more information here

Cryptocurrency Startup Hacks Itself Before a Hacker Gets a Chance to Steal Users’ Funds

Cryptocurrency startup Komodo claims to have hacked its customers’ wallets to save their funds from a malicious third party.  

The crypto platform discovered a vulnerability in its Agama wallet, putting the funds of several Agama users at risk. To keep those funds safe, the Komodo team decided it was best to exploit the vulnerability. They first extracted the users’ funds from impacted wallets and then moved those funds to a safe location.  

Around 8 million KMD (roughly $12.48 million) and 96 BTC ($765,000) were saved from the vulnerable wallets.  

In their announcement, the Komodo team stated,  

"The safe wallets RSgD2cmm3niFRu2kwwtrEHoHMywJdkbkeF (KMD) and 1GsdquSqABxP2i7ghUjAXdtdujHjVYLgqk (BTC) are under the control of the Komodo Team, and assets can be reclaimed by their owners. See our support page article for details.”  

Many were upset with the startup’s actions and questioned them throughout various social media platforms. 

Read more here

Fake Cryptocurrency Trading Site Pushes Crypto Stealing Malware 

Hoping to steal crypto from unsuspecting victims, cybercriminals have developed a website that imitates the legitimate CryptoHopper cryptocurrency trading platform. Once an individual visits the phony website, a Setup.exe is automatically downloaded onto the victim's computer. The Setup.exe executable comes with the official CryptoHopper logo but is actually the Vidar information-stealing Trojan.  

Once executed, Vidar installs two Qulab Trojans, one that operates as a miner and the other that acts as a clipboard hijacker. The trojan also actively attempts to collect various pieces of data from the infected machine. 

Information that the Vidar Trojan attempts to steal includes:  

  • browser cookies 

  • browser history 

  • browser payment information 

  • saved login credentials 

  • cryptocurrency wallets 

  • text files 

  • browser form autofill information 

  • Authy 2FA authenticator databases 

  • a screenshot of your desktop at the time of infection 

  • much more. 

Vidar sends the above information to a remote server that the attackers control. As always, users should double check the URL of websites they visit and scan any files before running them.  

Read more here