Syscoin, cryptocurrency focused on instant payments, was the victim of the attack, which was compromised by the Syscoin client for Windows, which is on the GitHub project.
According to soobshenie team of project developers, the hacker replaced the official Windows client with a different version that contains malware. Users, after the program began to arouse suspicion among the antivirus programs reported it to the development team.
Spoiled client for Windows, posted by the hacker contain malicious software Arkei Stealer (Trojan: Win32 / Feury.B! Cl) is a Trojan used to steal keys and passwords from cryptocurrency wallets. The project team has issued the following notice:
After investigation, the developers of Syscoin was able to detect that the hacked version of the Windows installer Syscoin 126.96.36.199 was available in sootvetstvuet visit Syscoin on Github starting from 9 June 2018 as a result of hacking an account on GitHub. This installer contains malicious code (Trojan:Win32/Feury.B!cl).
Viral file called “re.exe” is stored in the local temp folder (C:\Users\user\AppData\Local\Temp) when running the fake installer: https://www.virustotal.com/#/file/b105d2db66865200…
#Syscoin #Security Notice: If you are a Window user and have downloaded the syscoin-qt 188.8.131.52 between June 9th and June 13th, please read this now! https://t.co/7hTtobPEKr pic.twitter.com/RVEieXS32l— Syscoin (@syscoin) June 14, 2018
Risk of infection were subjected to all the users who have downloaded the Windows client 184.108.40.206 Syscoin between June 9, 2018 (10:14 UTC), and June 13, 2018 (10:23 UTC). Trojan works with both 32-bit and 64-bit versions of the client software.
The developers recommend users to check the installation date of your Windows client for Syscoin to determine whether they threaten something or not. In case you have downloaded is infected, it is recommended to do the following:
- Create a full backup of all the important information about the wallet.
- Run an antivirus program to find and delete Trojan.
- Change all passwords used since the break, preferably on a different computer.
- To transfer funds from compromised wallets.
The developers also plan to take some steps to prevent the recurrence of such an attack including the use of two-factor authentication (2FA).
Currently, Syscoin is at 85 in the ranking of cryptocurrencies and the market capitalization amounts to 117 million dollars.