UPDATED 22:54 EST / APRIL 30 2019

Botnet targeting Electrum wallet grows to 150,000 with $4.6M stolen so far

A botnet used to target the Electrum bitcoin wallet network is continuing to grow as researchers say it surpassed 150,000 at its peak with even more cryptocurrency now stolen from users.

The botnet targeting Electrum customers, first detected April 8, is a new variation of a targeted campaign first detected Dec. 27.

Electrum works on a distributed model: wallet users connect to any of many independent servers. The attackers introduce their own Electrum servers into that network, and these servers trick users into downloading a malicious version of the wallet software. The malicious wallet then lets the attackers steal the victim’s cryptocurrency balance.

The botnet is being used to run a distributed denial-of-service attack that aims to knock legitimate Electrum servers offline and force users to connect to the malicious servers instead. Although Electrum has addressed the issue with updated wallet software, the fix only protects users who install the update, and given the escalation of the botnet, it’s clear many have not done so.

The new data comes from Malwarebytes Inc., which has been closely monitoring the Electrum botnet. According to security researchers at the company, the amount of funds stolen has now increased to $4.6 million.

“The botnet that is flooding the Electrum infrastructure is rapidly growing,” the researchers say. “Case in point, on April 24, the number of infected machines in the botnet was just below 100,000 and the next day it reached its highest at 152,000.” Since then, the botnet has hovered around the 100,000 mark, lower but still large.

The researchers have also identified two distribution campaigns that are fueling the botnet: one using the Smoke Loader malware downloader and one using the RIG exploit kit. Each of them installs the ElectrumDoSMiner malware that powers the DDoS attack against legitimate Electrum servers.

The infected devices being used in the botnet are located primarily in the Asia-Pacific region, as well as in Brazil and Peru.

“The number of victims that are part of this botnet is constantly changing,” the researchers conclude. “We believe as some machines get cleaned up, new ones are getting infected and joining the others to perform DDoS attacks.”

Photo: Pixabay
