UPDATED 22:54 EDT / APRIL 30 2019

SECURITY

Botnet targeting Electrum wallet grows to 150,000 with $4.6M stolen so far

A botnet used to target the Electrum bitcoin wallet network is continuing to grow, with researchers saying it surpassed 150,000 infected machines at its peak, and even more cryptocurrency has now been stolen from users.

The botnet targeting Electrum customers, first detected April 8, is a new variation of a targeted campaign first detected Dec. 27.

Electrum works on a distributed model, with users of the wallet connecting to different servers. Those behind the attacks introduce their own Electrum servers into the network with a malicious version of the wallet code that tricks users into downloading it. The malicious wallet then allows those behind the hack to steal the cryptocurrency balance of the victim.

The botnet is being used to run a distributed denial-of-service attack that aims to knock legitimate Electrum servers offline and force users to connect to malicious servers instead. Although Electrum has addressed the issue through updated wallet software, the fix requires users to update their wallet, and given the escalation of the botnet, it’s clear many have not done so.

The new data comes from Malwarebytes Inc., which has been closely monitoring the Electrum botnet. According to security researchers at the company, the amount of funds stolen has now increased to $4.6 million.

“The botnet that is flooding the Electrum infrastructure is rapidly growing,” the researchers say. “Case in point, on April 24, the number of infected machines in the botnet was just below 100,000 and the next day it reached its highest at 152,000.” Since that time, the botnet has floated around the 100,000 mark, lower but still large.

The researchers have also identified two distribution campaigns, Smoke Loader and the RIG exploit kit, that are fueling the botnet. Each of them is used to install the ElectrumDoSMiner malware that powers the DDoS attack against legitimate Electrum servers.

The infected devices being used in the botnet are located primarily in the Asia-Pacific region as well as Brazil and Peru.

“The number of victims that are part of this botnet is constantly changing,” the researchers conclude. “We believe as some machines get cleaned up, new ones are getting infected and joining the others to perform DDoS attacks.”

