

A new version of the infamous Cerber ransomware now steals bitcoin from wallets, according to newly published research.
Gilbert Sison and Janus Agcaoili from Trend Micro Inc. detail the new version in a blog post, explaining that this release of Cerber, which has gone through six separate versions with various differences in its routines, targets the original Bitcoin Core wallet along with the third-party Electrum and Multibit wallets.
Like the versions before it, such as the versions that evade machine learning and target database processes, the new version of Cerber reaches victims through a JavaScript attachment in an email. Once a victim opens the attachment, the JavaScript targets and steals the core file related to the bitcoin wallet and then tries to steal the saved passwords from Internet Explorer, Google Chrome and Mozilla Firefox, the passwords being required to access the stolen bitcoin wallet files.
“Saved passwords and any bitcoin wallet information found are sent to the attackers via the command-and-control servers,” Sison and Agcaoili write. “It also deletes the wallet files once they have been sent to the servers, adding to the injury of the victims.”
What makes this new version of Cerber interesting is that, while stealing bitcoin wallet information and passwords, it also deploys its standard ransomware package, meaning that victims are hit with a “double whammy.”
“This new feature shows that attackers are trying out new ways to monetize ransomware,” Sison and Agcaoili added. “Stealing the bitcoins of targeted users would represent a valuable source of potential income.”
As always, users are encouraged to practice safe internet habits. On top of running up-to-date antivirus software, the researchers emphasized the importance of educating users against opening attachments in emails from external or unverified sources. System administrators are also encouraged to consider email policies that strip out such attachments to prevent them from being clicked on to begin with.
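The attachment-stripping policy suggested above can be sketched as a mail filter. This is an added example, not code from the article or from Trend Micro; the blocked-extension list, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Script types Windows runs on double-click (assumed policy list; adjust per site).
BLOCKED_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
BLOCKED_TYPES = {"application/javascript", "application/x-javascript", "text/javascript"}

def is_blocked(part) -> bool:
    # Judge by the LAST extension so "Invoice.PDF.JS" is caught; Windows ignores
    # trailing dots and spaces in file names, so drop them before comparing.
    name = (part.get_filename() or "").strip().lower().rstrip(". ")
    ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
    return ext in BLOCKED_EXT or part.get_content_type() in BLOCKED_TYPES

def strip_script_attachments(raw: bytes):
    """Return (cleaned message, names of removed parts). Archives are not opened."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []

    def walk(container):
        if not container.is_multipart():
            return
        kept = []
        for part in container.get_payload():
            if is_blocked(part):
                removed.append(part.get_filename() or part.get_content_type())
            else:
                walk(part)          # recurse into nested multiparts and forwards
                kept.append(part)
        container.set_payload(kept)

    walk(msg)
    return msg, removed

def build_sample() -> bytes:
    # Constructed test message: inert placeholder payloads only.
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.com", "user@example.org", "Invoice"
    m.set_content("See attached.")
    m.add_attachment(b"// inert placeholder\n", maintype="application",
                     subtype="octet-stream", filename="Invoice.PDF.JS")
    m.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                     subtype="pdf", filename="terms.pdf")
    m.add_attachment("// inert placeholder\n", subtype="javascript", filename="readme")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, dropped = strip_script_attachments(build_sample())
    print("removed:", dropped)
```

A message whose only body part is itself a script, and scripts packed inside archives, are outside what this filter handles and need separate gateway rules.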