Quant Trojan upgrade targets Bitcoin, cryptocurrency wallets

Researchers have noticed that the Quant Trojan has been given a significant update designed to target cryptocurrency wallets and the Bitcoin they hold.
It is not surprising that cyberattackers have taken note of Bitcoin’s recent surge in value. While other virtual currencies, including Ethereum, are rising gradually, Bitcoin has exploded, reaching $12,600 at the time of writing.
There is the risk of a crash, according to some analysts, but this is no deterrent to criminals looking to cash in on other people’s funds.
On Tuesday, researchers from Forcepoint Security Labs revealed an update to the existing Quant malware.
The team has been keeping tabs on the Trojan, describing it last year as a distributor of the Locky “Zepto” ransomware variant and the Pony credential-stealing malware.
Available for purchase on Russian underground forums, Quant was advertised by a user called “MrRaiX,” or “DamRaiX,” and was a simple loader capable of geographic targeting and of downloading and executing both .EXE and .DLL payloads.
However, in a blog post, Forcepoint researchers say that a range of new and concerning features have been added to this relatively basic malware.
After stumbling across an active Quant loader administration panel on a newly-registered domain, the team found that the newest samples of Quant all still point to the same payload files from a command-and-control (C&C) server, but new files have been enabled for download by default.
The new files are bs.dll.c, a cryptocurrency wallet stealer; sql.dll.c, an SQLite library; and zs.dll.c, a credential stealer that depends on the SQLite library to read application credential stores.
Bs.dll.c, also known as MBS, is a library which scans the victim’s Application Data directory for supported wallet files, extracts any data found and sends it to the attacker’s control server. Its reach is limited, however: only offline (locally stored) wallets for Bitcoin, Terracoin, Peercoin and Primecoin are supported.
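The wallet search described above, reproduced as a defensive audit script. This is an added example and not Forcepoint’s or the malware’s own code: it walks an Application Data tree for the four clients MBS is said to support, reports every wallet.dat it finds, and applies a simple encryption heuristic so you can see which files a stealer could use without a passphrase. The per-client directory names and the “mkey” record check are assumptions drawn from the clients’ usual defaults, not from the article, and the sample profile tree is constructed inline so the script runs offline.

```python
"""Audit an Application Data tree for the offline wallet files MBS targets.

Added example (not the article's or Forcepoint's code). Run it against your
own profile to learn which wallet.dat files sit where a stealer would look.
"""
import os
import tempfile
from pathlib import Path

# Assumed default data-directory names under %APPDATA% for each client the
# article lists; all four are Bitcoin-derived and keep keys in wallet.dat.
WALLET_DIRS = {
    "Bitcoin": "Bitcoin",
    "Terracoin": "Terracoin",
    "Peercoin": "PPCoin",
    "Primecoin": "Primecoin",
}
WALLET_FILE = "wallet.dat"


def looks_encrypted(path):
    """Heuristic (assumption): Bitcoin-style wallets that have a passphrase set
    store a master-key record whose type tag is 'mkey'. Plain wallets do not."""
    return b"mkey" in path.read_bytes()


def find_wallets(appdata):
    """Return one dict per wallet.dat found under the supported client dirs.

    rglob is used because newer Bitcoin Core builds keep wallets in a
    'wallets' subdirectory rather than at the top of the data directory.
    """
    appdata = Path(appdata)
    hits = []
    for coin, subdir in WALLET_DIRS.items():
        client_dir = appdata / subdir
        if not client_dir.is_dir():
            continue
        for wallet in sorted(client_dir.rglob(WALLET_FILE)):
            if wallet.is_file():
                hits.append({
                    "coin": coin,
                    "path": str(wallet),
                    "size": wallet.stat().st_size,
                    "encrypted": looks_encrypted(wallet),
                })
    return hits


def default_appdata():
    """%APPDATA% on Windows; fall back to ~/.config elsewhere (assumption)."""
    return Path(os.environ.get("APPDATA", Path.home() / ".config"))


def build_sample_tree():
    """Constructed sample profile: an encrypted Bitcoin wallet, a plaintext
    Peercoin wallet, and a Primecoin directory with no wallet file at all."""
    root = Path(tempfile.mkdtemp(prefix="appdata_"))
    (root / "Bitcoin" / "wallets" / "main").mkdir(parents=True)
    (root / "Bitcoin" / "wallets" / "main" / WALLET_FILE).write_bytes(
        b"\x00" * 16 + b"mkey" + b"\x00" * 16)
    (root / "PPCoin").mkdir()
    (root / "PPCoin" / WALLET_FILE).write_bytes(b"\x00" * 24)
    (root / "Primecoin").mkdir()
    return root


if __name__ == "__main__":
    target = build_sample_tree()   # swap for default_appdata() on a real host
    for hit in find_wallets(target):
        state = "encrypted" if hit["encrypted"] else "PLAINTEXT"
        print(f"{hit['coin']:10s} {hit['size']:6d} bytes  {state:10s} {hit['path']}")
```

A plaintext hit in this listing is the case that matters: the stealer exfiltrates the file either way, but an unencrypted wallet.dat can be loaded into a client and emptied immediately, whereas an encrypted one still has to be brute-forced offline.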
The credential stealer, dubbed ZStealer, collects both application and operating system account information. Once a scan is completed, any credentials grabbed by the malware are transferred to the C&C by an HTTP POST request to a PHP page on the server side.
ZStealer can be used to steal credentials from Wi-Fi networks, Chrome, Outlook Express, FTP software, and Thunderbird, among others.
Both modules are also sold on their own, and the researchers speculate that bundling them with the Quant loader is the author’s way of justifying Quant’s price.
“These two modules are still sold separately: MBS can be bought separately for $100 for a full license and an additional $15 for every update while ZStealer would be $100 for a full license with free updates, or $55 for a base license and an additional $15 for every update,” Forcepoint says. “This is as compared to a recent advert offering five full Quant licenses for $275.”
The new Quant build also delays execution with a lengthy sleep call, a common trick for outlasting the time budget of antivirus emulation and automated sandbox analysis so that the malicious behaviour is never observed.
“Targeting cryptocurrency wallets is not a particularly new innovation, and targeting ‘offline’ wallets is a relatively well-established way of attempting to steal ‘coins’,” the researchers added. “Interestingly, while the stated goal of the ZStealer module is more general password theft, this may stand a chance of better returns by stealing user credentials for online wallet providers and exchanges such as blockchain.info and Coinbase.”