New version of Cerber ransomware targets bitcoin wallets
A new version of the infamous Cerber ransomware now steals bitcoin from wallets, according to newly published research.
Gilbert Sison and Janus Agcaoili from Trend Micro Inc. detail the new version in a blog post, explaining that the new version of Cerber, which has gone through six separate versions with various differences in its routines, targets the original Bitcoin Core wallet along with the third-party Electrum and Multibit wallets.
Like the versions before it, such as the versions that evade machine learning and target database processes, the new version of Cerber targets victims through a JavaScript attachment in an email. Once a victim opens the attachment, the JavaScript targets and steals the core file relative to the bitcoin wallet and then tries to steal the saved passwords from Internet Explorer, Google Chrome and Mozilla Firefox, the passwords being required to access the stolen bitcoin wallet files.
“Saved passwords and any bitcoin wallet information found are sent to the attackers via the command-and-control servers,” Sison and Agcaoili write. “It also deletes the wallet files once they have been sent to the servers, adding to the injury of the victims.”
What does make this new version of Cerber interesting is that while stealing bitcoin wallet information and passwords, it also deploys its standard ransomware package, meaning that victims are hit with a “double whammy” when it comes to being attacked.
“This new feature shows that attackers are trying out new ways to monetize ransomware,” Sison and Agcaoili added. “Stealing the bitcoins of targeted users would represent a valuable source of potential income.”
As always, users are encouraged to practice safe Internet. On top of running up-to-date antivirus software, the researchers emphasized the importance of educating users against opening attachments in emails from external or unverified sources. System administrators are also encouraged to consider email policies that strip out such attachments to prevent them being clicked on to begin with.
Image: Cerber ransomware
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU