Electrum Bitcoin wallets were attacked, and the number of infected machines has reached more than 152,000. The attack was noticed when users were asked to download a fake update that, once installed, could steal their virtual currencies. Security firm Malwarebytes revealed the news in a blog post on 29th April 2019.
The researchers, Jerome Segura, S!Ri and Adam Thomas, said that the amount of funds stolen has crossed the $4.6 million mark, and that the botnet attacking the infrastructure of Electrum has grown to 152,000 infected machines. Only Windows machines were targeted by the botnet, one of the researchers told a source.
Earlier, the security firm identified malware named Trojan.BeamWinHTTP that was also involved in downloading ElectrumDoSMiner, which had been detected previously.
The three researchers showed graphs from VirusTotal in which numerous malicious binaries were accessing ElectrumDoSMiner.
Most of the bots were found in areas such as the Asia Pacific region, Peru and Brazil. The botnet is infecting the Electrum infrastructure, and botnet attacks are growing steadily.
Going by IP address, most of the bots were seen in Brazil. In earlier reporting on the same issue, the researchers mentioned that a malicious actor fooled users into downloading an infected version of the wallet in order to steal their bitcoin. To resolve the issue, the developers of Electrum released a new version, 3.3.4. The earlier version that was infected was 3.3.3.
According to reports, the attackers were using their own Electrum servers, which included wallet versions to understand the hack. When users synchronized their unprotected Electrum wallet with the infected server, they were asked to upgrade their client to a hacked version, which led them to instantly lose the funds held in their older versions.
When Segura was asked if Electrum knew about the issue, he said, “Electrum is aware of those issues as you can see through their tweets about these incidents.” Further, he said, “The botnet attacking the Electrum infrastructure could be in response to Electrum fixing the vulnerabilities and taking down the phishing sites.”
Electrum users are certainly reporting the DDoS and the frauds, replied Segura when asked whether the Electrum issues had been reported to German authorities.
Electrum provides versions for Windows, Linux and OSX, and the researchers were only able to find infected Windows machines. However, malicious Electrum wallets can affect all the other operating systems.
Back in December, a similar incident was noticed, in which the hack allowed a malicious party to steal 259 bitcoin (equal to $937,000). The attacked users were trying to log in to their wallets but repeatedly failed even after submitting their two-digit authentication code. Electrum did not request any such thing during login. This allowed the hackers to access users' wallet balances and steal their funds.
Malwarebytes researchers are monitoring the attacks related to the Electrum Bitcoin wallet.