Syscoin Hacked, Malware Into Github Account
According to the development team, a hacker replaced the official Windows client with another version containing malware. Users of the software alerted the team to the presence of the malware in the Windows client when the program started showing up on their computers as malicious.
The tainted Windows client introduced by the hacker contained malware called Arkei Stealer (Trojan:Win32/Feury.B!cl) — a trojan known for stealing keys and passwords. The project team published a security notice on GitHub, which states:
Upon investigation, the Syscoin developers found that a malicious, unsigned copy of the Windows Syscoin 220.127.116.11 installer was made available via the Syscoin Github release page on June 9th, 2018 due to a compromised GitHub account. This installer contained malicious code. (Trojan:Win32/Feury.B!cl). The virustotal scan of the malicious file named “re.exe” that is saved to the local temp folder (C:\Users\user\AppData\Local\Temp) upon running the fake installer: https://www.virustotal.com/#/file/b105d2db66865200d1b235c931026bf44428eb7327393bf76fdd4e96f1c622a1/detection
— Syscoin (@syscoin) June 14, 2018
RISK EXPOSURE AND SOLVING THE PROBLEM
According to the Blockchain Foundry team, the users who downloaded the Syscoin 18.104.22.168 Windows client between June 9, 2018 (10:14 PM UTC) and June 13, 2018 (10:23 PM UTC) are at risk. The malware reportedly compromises both the 32-bit and 64-bit versions of the client software.
The team advised users to check the installation date of their Windows Syscoin software to see if it falls within the time of the hack. If the check turns out to be positive, users are advised to take some precautionary steps.
- Perform a full backup of all vital wallet information.
- Run an anti-virus scan to identify and remove the trojan malware.
- Change all passwords used since the time of the hack, preferably on a different computer.
- Transfer funds from unsecured wallets to more secure ones.
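The exposure check described above can be scripted. The following PowerShell is an added example, not part of the Syscoin notice or this article's source: the time window and the SHA-256 of `re.exe` are taken from the text above, while the folders searched and the `*syscoin*.exe` file-name pattern are assumptions.

```powershell
# Added example. Window and SHA-256 come from the article above; the
# search folders and the *syscoin*.exe name pattern are assumptions.
$WindowStart = [datetime]::new(2018, 6, 9, 22, 14, 0, [DateTimeKind]::Utc)
$WindowEnd   = [datetime]::new(2018, 6, 13, 22, 23, 0, [DateTimeKind]::Utc)
$ReExeSha256 = 'b105d2db66865200d1b235c931026bf44428eb7327393bf76fdd4e96f1c622a1'
$SearchRoots = @("$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop") |
    Where-Object { Test-Path -LiteralPath $_ }

$findings = @()

# 1. The notice says the fake installer saves "re.exe" to the local temp folder.
$dropped = Join-Path $env:LOCALAPPDATA 'Temp\re.exe'
if (Test-Path -LiteralPath $dropped) {
    $hash = (Get-FileHash -LiteralPath $dropped -Algorithm SHA256).Hash
    $reason = if ($hash -eq $ReExeSha256) {
        're.exe matches the published SHA-256'
    } else {
        're.exe present but hash differs; inspect manually'
    }
    $findings += [pscustomobject]@{ Path = $dropped; Reason = $reason }
}

# 2. The malicious installer was unsigned and was served only inside the
#    window, so flag installers created in the window or lacking a valid
#    Authenticode signature.
foreach ($root in $SearchRoots) {
    $files = Get-ChildItem -LiteralPath $root -Filter '*syscoin*.exe' -File `
                 -Recurse -ErrorAction SilentlyContinue
    foreach ($f in $files) {
        $inWindow = ($f.CreationTimeUtc -ge $WindowStart) -and
                    ($f.CreationTimeUtc -le $WindowEnd)
        $status = (Get-AuthenticodeSignature -LiteralPath $f.FullName).Status
        if ($inWindow -or $status -ne 'Valid') {
            $reason = "created $($f.CreationTimeUtc.ToString('u')); " +
                      "signature $status; in window: $inWindow"
            $findings += [pscustomobject]@{ Path = $f.FullName; Reason = $reason }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No indicators found in the locations checked.'
}
```

An empty result covers only the locations checked; a copied or moved installer gets a new creation time, so the date test alone does not rule out exposure.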
The developers themselves also plan to implement some steps moving forward to prevent the recurrence of such an attack. Team members with GitHub access must enable two-factor authentication (2FA). They must also routinely audit and verify their binaries and signature hashes to detect any form of tampering.
Syscoin is currently the 86th-ranked cryptocurrency, with a market capitalization of $117 million. It is currently trading at $0.219.