

A new version of the infamous Cerber ransomware now steals bitcoin from wallets, according to newly published research.
Gilbert Sison and Janus Agcaoili from Trend Micro Inc. detail the new version in a blog post, explaining that Cerber, which has gone through six separate versions with various differences in its routines, now targets the original Bitcoin Core wallet along with the third-party Electrum and Multibit wallets.
Like the versions before it, such as those that evade machine learning and target database processes, the new version of Cerber reaches victims through a JavaScript attachment in an email. Once a victim opens the attachment, the JavaScript locates and steals the core file related to the bitcoin wallet and then tries to steal the saved passwords from Internet Explorer, Google Chrome and Mozilla Firefox, the passwords being required to access the stolen bitcoin wallet files.
“Saved passwords and any bitcoin wallet information found are sent to the attackers via the command-and-control servers,” Sison and Agcaoili write. “It also deletes the wallet files once they have been sent to the servers, adding to the injury of the victims.”
What makes this new version of Cerber interesting is that, while stealing bitcoin wallet information and passwords, it also deploys its standard ransomware package, meaning that victims are hit with a “double whammy.”
“This new feature shows that attackers are trying out new ways to monetize ransomware,” Sison and Agcaoili added. “Stealing the bitcoins of targeted users would represent a valuable source of potential income.”
As always, users are encouraged to practice safe Internet. On top of running up-to-date antivirus software, the researchers emphasized the importance of educating users against opening attachments in emails from external or unverified sources. System administrators are also encouraged to consider email policies that strip out such attachments to prevent them being clicked on to begin with.
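The attachment-stripping policy recommended above can be sketched as a mail filter. This is an added example, not code from Trend Micro or from this article; the blocklists, function names and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklists: script types Windows Script Host or mshta run on double-click.
BLOCKED_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
BLOCKED_TYPES = {"application/javascript", "application/x-javascript", "text/javascript"}

def is_blocked(part):
    """True if a leaf MIME part looks like a script by file name or declared type."""
    # Windows drops trailing dots and spaces, so "a.js." is still treated as "a.js".
    name = (part.get_filename() or "").lower().rstrip(". ")
    ext = os.path.splitext(name)[1]  # last extension only: "scan.pdf.js" -> ".js"
    return ext in BLOCKED_EXTENSIONS or part.get_content_type() in BLOCKED_TYPES

def strip_scripts(msg):
    """Remove blocked parts in place, at any nesting depth; return what was removed."""
    removed = []
    if not msg.is_multipart():
        return removed
    kept = []
    for part in msg.get_payload():
        if not part.is_multipart() and is_blocked(part):
            removed.append(part.get_filename() or part.get_content_type())
        else:
            removed.extend(strip_scripts(part))  # descend into nested containers
            kept.append(part)
    msg.set_payload(kept)
    return removed

def build_sample(script_name="invoice.JS", script_type="javascript"):
    """Constructed test message: a text body, one script and one PDF attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"// constructed placeholder\n", maintype="application",
                       subtype=script_type, filename=script_name)
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    message = message_from_bytes(build_sample(), policy=policy.default)
    print("removed:", strip_scripts(message))
    print("kept:", [p.get_filename() for p in message.walk() if p.get_filename()])
```

The filter checks both the file name and the declared content type, so a script renamed to a harmless-looking extension or hidden behind a double extension is still removed while the body and other attachments are delivered.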