UPDATED 22:41 EDT / AUGUST 03 2017


New version of Cerber ransomware targets bitcoin wallets

A new version of the infamous Cerber ransomware now steals bitcoin from wallets, according to newly published research.

Gilbert Sison and Janus Agcaoili of Trend Micro Inc. detail the new version in a blog post. Cerber has gone through six distinct releases, each changing parts of its routines; this one targets the original Bitcoin Core wallet along with the third-party Electrum and Multibit wallets.

Like the versions before it, including those built to evade machine-learning-based detection and to target database processes, the new version of Cerber reaches victims through a JavaScript attachment in an email. Once a victim opens the attachment, the script locates and exfiltrates the wallet file of each of the three wallets, then tries to steal the saved passwords from Internet Explorer, Google Chrome and Mozilla Firefox. A wallet file is normally protected with a passphrase, so the stolen browser passwords are the attackers' bet that the victim reused one of them for the wallet; without the passphrase the file alone is of little value.
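The chain just described (script host reads wallet file, reads browser password stores, deletes the wallet) is specific enough to detect on the host. The following is an added example, not code from Trend Micro's analysis or from the malware, that runs such a rule over constructed, EDR-style file-access events. The event schema (pid, process, op, path fields) is an assumption for the example; real products use their own, and Sysmon does not record file reads by default, so this presumes telemetry that does. The wallet paths are the well-known default locations for the three wallets the report names, and wscript.exe/cscript.exe are the Windows interpreters a double-clicked .js attachment runs under.

```python
"""Host-telemetry detection for the Cerber behaviour described above: a
Windows script host (the interpreter that runs a double-clicked .js
attachment) reading cryptocurrency wallet files and browser password stores,
then deleting the wallet file.

This is an added example, not code from Trend Micro's analysis or from the
malware. The events are constructed, EDR-style file-access records with
assumed field names (pid, process, op, path). Real products use their own
schemas, and Sysmon does not log file reads by default, so this assumes
telemetry that records them."""
import fnmatch
from collections import defaultdict

# Interpreters that execute a .js/.jse/.wsf attachment on Windows.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Wallet files for the three wallets the report names. Patterns are globs
# matched against lower-cased Windows paths; '*' also spans backslashes.
WALLET_PATTERNS = [
    r"*\bitcoin\wallet.dat",   # Bitcoin Core
    r"*\electrum\wallets\*",   # Electrum keeps one file per wallet here
    r"*\multibit\*.wallet",    # Multibit
]
# Saved-password stores for the three browsers the report names.
BROWSER_CRED_PATTERNS = [
    r"*\google\chrome\user data\*\login data",    # Chrome (SQLite database)
    r"*\mozilla\firefox\profiles\*\logins.json",  # Firefox saved logins
    r"*\mozilla\firefox\profiles\*\key?.db",      # Firefox key3.db / key4.db
    r"*\microsoft\vault\*",                       # Windows Vault, used by IE
]


def classify(path):
    """Return 'wallet', 'browser_creds', or None for a file path."""
    p = path.lower()
    if any(fnmatch.fnmatchcase(p, pat) for pat in WALLET_PATTERNS):
        return "wallet"
    if any(fnmatch.fnmatchcase(p, pat) for pat in BROWSER_CRED_PATTERNS):
        return "browser_creds"
    return None


def detect(events):
    """Group file events by process and flag the combinations Cerber shows."""
    per_pid = defaultdict(lambda: {"process": None, "wallet": set(),
                                   "browser_creds": set(), "deleted": set()})
    for ev in events:
        category = classify(ev["path"])
        if category is None:
            continue
        rec = per_pid[ev["pid"]]
        rec["process"] = ev["process"].lower()
        rec[category].add(ev["path"])
        if category == "wallet" and ev["op"] == "delete":
            rec["deleted"].add(ev["path"])

    alerts = []
    for pid, rec in per_pid.items():
        reasons = []
        # A script host has no business opening a wallet file at all.
        if rec["process"] in SCRIPT_HOSTS and rec["wallet"]:
            reasons.append("script host read a wallet file")
        # One process reading both a wallet and a browser password store is
        # the theft pattern regardless of which binary it is.
        if rec["wallet"] and rec["browser_creds"]:
            reasons.append("same process read wallet and browser credential store")
        # The report notes the wallet files are deleted after exfiltration.
        if rec["deleted"]:
            reasons.append("wallet file deleted")
        if reasons:
            alerts.append({"pid": pid, "process": rec["process"],
                           "files": sorted(rec["wallet"] | rec["browser_creds"]),
                           "reasons": reasons})
    return alerts


# Constructed sample telemetry: one script host doing the theft, plus the
# wallet application and the browser legitimately opening their own files.
SAMPLE_EVENTS = [
    {"pid": 4120, "process": "wscript.exe", "op": "read",
     "path": r"C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat"},
    {"pid": 4120, "process": "wscript.exe", "op": "read",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "process": "wscript.exe", "op": "read",
     "path": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3ab.default\logins.json"},
    {"pid": 4120, "process": "wscript.exe", "op": "delete",
     "path": r"C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat"},
    {"pid": 5011, "process": "bitcoin-qt.exe", "op": "read",
     "path": r"C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat"},
    {"pid": 6002, "process": "chrome.exe", "op": "read",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["pid"], alert["process"], "; ".join(alert["reasons"]))
```

The benign events (bitcoin-qt.exe opening its own wallet, chrome.exe opening its own password database) produce no alert; the rule keys on which process touches the files and on the wallet-plus-browser-store combination, not on the file access alone, which is what keeps it usable on a real fleet.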

“Saved passwords and any bitcoin wallet information found are sent to the attackers via the command-and-control servers,” Sison and Agcaoili write. “It also deletes the wallet files once they have been sent to the servers, adding to the injury of the victims.”

What makes this new version interesting is that, while stealing wallet files and passwords, it also deploys its standard ransomware payload, so victims are hit with a "double whammy": the wallet is gone and the rest of their files are encrypted.

“This new feature shows that attackers are trying out new ways to monetize ransomware,” Sison and Agcaoili added. “Stealing the bitcoins of targeted users would represent a valuable source of potential income.”

As always, users are encouraged to practise safe Internet habits. On top of running up-to-date antivirus software, the researchers emphasized the importance of educating users not to open attachments in emails from external or unverified sources. System administrators are also encouraged to consider mail-gateway policies that strip script attachments such as .js files before they reach an inbox, so there is nothing to click on to begin with.
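A gateway policy of the kind the researchers recommend, as an added example that is not the page's, Trend Micro's or any product's code: it parses a message, replaces any attachment with an executable script extension by a plain-text note, and, going one step beyond the article, also looks inside .zip attachments because script droppers are commonly mailed in archives. The sample message and its attachments are constructed; the .js content is a harmless stand-in, not the Cerber dropper.

```python
"""Mail-gateway policy of the kind the researchers recommend: strip script
attachments before the message reaches an inbox, so there is nothing for the
user to double-click. This is an added example, not a product's or Trend
Micro's code, and it goes one step beyond the article by also looking inside
.zip attachments, since script files are commonly mailed inside archives.
The sample message is constructed; the .js payload in it is a harmless
stand-in, not Cerber's dropper."""
import email
import email.policy
import io
import os
import zipfile
from email.message import EmailMessage

# Extensions Windows will execute with a double-click from an email client.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe",
                     ".hta", ".ps1", ".cmd", ".bat", ".scr", ".exe"}
ARCHIVE_EXTENSIONS = {".zip"}


def is_script_name(name):
    """True for invoice.js, Invoice.JS and invoice.pdf.js alike."""
    return os.path.splitext(name.lower())[1] in SCRIPT_EXTENSIONS


def scripts_in_archive(data):
    """Names of script files inside a zip attachment (empty if not a zip)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return [n for n in archive.namelist() if is_script_name(n)]
    except zipfile.BadZipFile:
        return []


def strip_script_attachments(raw):
    """Return (cleaned message bytes, [(filename, reason), ...]).

    Each offending part is replaced in place with a text/plain note so the
    recipient can see that something was removed and why."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if not name:
            continue
        reason = None
        if is_script_name(name):
            reason = "script attachment"
        elif os.path.splitext(name.lower())[1] in ARCHIVE_EXTENSIONS:
            inner = scripts_in_archive(part.get_payload(decode=True))
            if inner:
                reason = "archive containing " + ", ".join(inner)
        if reason:
            removed.append((name, reason))
            # set_content() drops the old Content-* headers, so the filename
            # and the binary payload disappear with the part.
            part.set_content(f"[Attachment '{name}' removed by mail policy: {reason}]")
    return msg.as_bytes(), removed


def attachment_names(raw):
    """Filenames of all attachments in a raw message, in order."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def build_sample_message():
    """Constructed lure: a .js, a .zip wrapping a .js, and a legitimate PDF."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "alice@example.net"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please review the attached invoice.")
    stand_in = b'WScript.Echo("harmless stand-in for a dropper");\r\n'
    msg.add_attachment(stand_in, maintype="application",
                       subtype="javascript", filename="invoice.js")
    zipped = io.BytesIO()
    with zipfile.ZipFile(zipped, "w") as archive:
        archive.writestr("invoice.js", stand_in)
    msg.add_attachment(zipped.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder",
                       maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, removed = strip_script_attachments(build_sample_message())
    for name, reason in removed:
        print(f"removed {name}: {reason}")
    print("remaining attachments:", attachment_names(cleaned))
```

The decision is made on the filename extension rather than the declared MIME type, because the sender controls the Content-Type header and Windows chooses the interpreter by extension. Password-protected archives cannot be inspected this way and are best quarantined outright rather than passed through.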

Image: Cerber ransomware
