Quant Trojan upgrade targets Bitcoin, cryptocurrency wallets

Researchers have noticed that the Quant Trojan has been given a significant update designed to target cryptocurrency wallets and the Bitcoin they hold.
安卓可穿戴系统及其衍生品的用户量急剧增长,五花八门的Android Wear平台电子设备会扩充人体机能,不过老老实实写应用软件的开发者,可能还没有制造电子病毒和搞破坏的坏家伙们来钱容易和快捷。
It isn’t that surprising that cyberattackers have taken note of the recent surge in value when it comes to Bitcoin. While other virtual currencies including Ethereum are increasing gradually in value, Bitcoin has exploded, reaching $12,600 at the time of writing.
More security news
US says it doesn’t need secret court’s approval to ask for encryption backdoors
A giant botnet behind one million malware attacks a month just got shut down
A popular virtual keyboard app leaks 31 million users’ personal data
Android security alert: Google’s latest bulletin warns of 47 bugs, 10 critical
There is the risk of a crash, according to some analysts, but this is no deterrent to criminals looking to cash in on other people’s funds.
On Tuesday, researchers from Forcepoint Security Labs revealed an update to the existing Quant malware.
The team has been keeping tabs on the Trojan, describing the malware last year as a distributor of the Locky Zepto ransomware and Pony malware families.
Available for purchase on Russian underground forums, Quant was advertised by a user called “MrRaiX,” or “DamRaiX,” and was a simple loader capable of geographical targeting and both downloading and executing .EXEs and DLLs.
However, in a blog post, Forcepoint researchers say that a range of new and concerning features have been added to this relatively basic malware.
After stumbling across an active Quant loader administration panel on a newly-registered domain, the team found that the newest samples of Quant all still point to the same payload files from a command-and-control (C&C) server, but new files have been enabled for download by default.
The new files are bs.dll.c, a cryptocurrency stealer and sql.dll.c, an SQLite library required for the third new file, zs.dll.c, a credential stealer.
Bs.dll.c, also known as MBS, is a library which scans a victim’s Application Data directory for supported wallets, extracts any data found and sends it to the attacker’s control server. However, this function only applies to Bitcoin, Terracoin, Peercoin and Primecoin-supporting offline wallets.
The credentials stealer, dubbed ZStealer, is able to steal both application and operating system account information. Once a scan is completed, any credentials grabbed by the malware are then transferred to the C&C by an HTTP POST request to a PHP page on the server side.
ZStealer can be used to steal credentials from Wi-Fi networks, Chrome, Outlook Express, FTP software, and Thunderbird, among others.
While the two modules can be bought separately, the researchers speculate that by including them with the Quant loader, the creator is attempting to justify the price of Quant.
“These two modules are still sold separately: MBS can be bought separately for $100 for a full license and an additional $15 for every update while ZStealer would be $100 for a full license with free updates, or $55 for a base license and an additional $15 for every update,” Forcepoint says. “This is as compared to a recent advert offering five full Quant licenses for $275.”
The new Quant build also contains a lengthy sleep command in an attempt to avoid detection by antivirus software and analysis in sandbox environments.
“Targeting cryptocurrency wallets is not a particularly new innovation, and targeting ‘offline’ wallets is a relatively well-established way of attempting to steal ‘coins’,” the researchers added. “Interestingly, while the stated goal of the ZStealer module is more general password theft, this may stand a chance of better returns by stealing user credentials for online wallet providers and exchanges such as blockchain.info and Coinbase.”
Best gifts: Top tech for co-workers
1 – 5 of 21

Previous and related coveragePayPal’s TIO Networks reveals data breach impacted 1.6 million users National Credit Federation leaked US citizen data through unsecured AWS bucket HP patches severe code execution bug in enterprise printers
Related Topics:
Security TV
Data Management


Cyber Security Law 网络安全法宣传视频《网络安全法》背景知识
黄晓明为何感慨人生 因为生病?