Crypto-Stealing Virus Found in Torrented Movie File, Targeting Windows

Colin Muller

A malware package hidden in a fake copy of a torrented movie tampers with search results and, where it can, redirects cryptocurrency payments, reports the security website Bleepingcomputer.com.

The malware, found in a fake copy of the movie The Girl in the Spider's Web (which garnered a 40% on Rotten Tomatoes), targets Windows only. For all its capabilities, it depends on a careless click: the malicious file is not a media file at all but a Windows .LNK shortcut, which runs whatever target and command line it points to when opened, so it catches users who double-click a "movie" without looking at what they actually downloaded. Bleepingcomputer cited security experts in saying that "weaponized .LNK files are common in pirated content."
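A shortcut only works as a lure if it passes for a video, which is why the trick described above relies on a file name and icon rather than on any exploit. The following is an added example, not code from Bleepingcomputer or from the malware described: it reads the fixed 76-byte ShellLinkHeader that Microsoft documents in [MS-SHLLINK] and flags shortcuts that carry a media extension in front of .lnk (Explorer never displays the .lnk suffix), pass a command line to their target, or start minimised. The file names and bytes are constructed for the demonstration.

```python
"""Flag .LNK shortcuts posing as media files in a download folder.

Added example for this article; not code from BleepingComputer or from the
malware described. File names and bytes below are constructed for the demo.
Only the fixed 76-byte ShellLinkHeader from [MS-SHLLINK] is parsed.
"""
import os
import struct

LNK_HEADER_SIZE = 0x4C
# LinkCLSID 00021401-0000-0000-C000-000000000046 as laid out on disk
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags (DWORD at offset 0x14) used below
HAS_LINK_TARGET_IDLIST = 0x01
HAS_ARGUMENTS = 0x20          # a command line is passed to the target
HAS_ICON_LOCATION = 0x40      # custom icon, e.g. to mimic a video player

SW_SHOWMINNOACTIVE = 7        # ShowCommand: start minimised, never take focus

MEDIA_EXTENSIONS = {".mp4", ".mkv", ".avi", ".mov", ".wmv", ".srt"}


def inspect_lnk(name: str, data: bytes) -> dict:
    """Parse one file's header and decide whether it looks weaponized."""
    info = {"name": name, "is_lnk": False, "show_command": None,
            "reasons": [], "suspicious": False}
    if len(data) < LNK_HEADER_SIZE:
        return info
    header_size, clsid = struct.unpack_from("<I16s", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        return info                      # not a shell link, whatever its name
    info["is_lnk"] = True
    (link_flags,) = struct.unpack_from("<I", data, 0x14)
    (show_command,) = struct.unpack_from("<I", data, 0x3C)
    info["show_command"] = show_command

    name_reasons, behaviour_reasons = [], []
    stem, ext = os.path.splitext(name)
    if ext.lower() != ".lnk":
        name_reasons.append("shell link without a .lnk extension")
    elif os.path.splitext(stem)[1].lower() in MEDIA_EXTENSIONS:
        # Explorer hides .lnk, so "Movie.mp4.lnk" is displayed as "Movie.mp4"
        name_reasons.append("media extension hidden in front of .lnk")
    if link_flags & HAS_ARGUMENTS:
        behaviour_reasons.append("passes a command line to its target")
    if show_command == SW_SHOWMINNOACTIVE:
        behaviour_reasons.append("starts minimised and never takes focus")

    info["reasons"] = name_reasons + behaviour_reasons
    # A disguised name is enough on its own; behaviour alone needs both signs,
    # since many legitimate shortcuts pass arguments.
    info["suspicious"] = bool(name_reasons) or len(behaviour_reasons) == 2
    return info


def make_lnk_header(link_flags: int, show_command: int = 1) -> bytes:
    """Constructed 76-byte header for the demo (no IDList/LinkInfo follows)."""
    return struct.pack(
        "<I16sIIQQQIIIHHII",
        LNK_HEADER_SIZE, LNK_CLSID, link_flags,
        0x20,             # FileAttributes: FILE_ATTRIBUTE_ARCHIVE
        0, 0, 0,          # Creation/Access/Write times
        0,                # FileSize
        0,                # IconIndex
        show_command,
        0, 0,             # HotKey, Reserved1
        0, 0,             # Reserved2, Reserved3
    )


# Constructed directory listing: one lure, one ordinary shortcut, one real video
SAMPLES = {
    "Movie.2018.1080p.mp4.lnk": make_lnk_header(
        HAS_LINK_TARGET_IDLIST | HAS_ARGUMENTS | HAS_ICON_LOCATION,
        SW_SHOWMINNOACTIVE),
    "Notepad.lnk": make_lnk_header(HAS_LINK_TARGET_IDLIST, 1),
    # an MP4 starts with an ftyp box, not with the shell link header
    "Movie.2018.1080p.mp4": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 68,
}


def scan(files: dict) -> list:
    """Names of suspicious files, in listing order."""
    results = (inspect_lnk(n, d) for n, d in files.items())
    return [r["name"] for r in results if r["suspicious"]]


if __name__ == "__main__":
    for name in scan(SAMPLES):
        print("suspicious shortcut:", name, inspect_lnk(name, SAMPLES[name])["reasons"])
```

To run it over a real download folder, read each file's first 76 bytes and pass them to `inspect_lnk` with the file name; the header check is what matters, since a renamed or extension-less shell link still begins with the same 20 bytes.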


The malware carries several payloads. One hijacks both Chrome and Firefox, installing the browser extensions it needs, and injects fake ads and search results into Google and Yandex. Deviously, it redirects searches for terms like "spyware" to custom fake anti-spyware software that is in fact yet more malware.

Wikipedia is also targeted: when the user visits the site, a fake donation box presenting bitcoin and ether addresses is injected into the page (at the time of the report, neither address appeared to have collected much).

The malware also goes after crypto directly, scanning web pages for cryptocurrency addresses and replacing them with addresses the attackers control. A user who notices nothing wrong would then simply copy the substituted address into a transaction field. Because the attacker's address is itself a well-formed address, nothing about it looks invalid; the usual advice applies, and users should double-check the full destination address against a copy obtained from a trusted source before sending funds.
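The "double-check" advice can be turned into a program. The following added example (not code from the report or from the malware) pulls bitcoin and ether addresses out of page text and compares them with addresses the user obtained through an independent channel, which is the only check that catches a swap, since address checksums cannot tell a legitimate address from an attacker's. Every address below is a constructed string that merely matches the address syntax, not a real wallet, and the HTML fragment is constructed as well.

```python
"""Detect a payment address that has been swapped inside a web page.

Added example for this article, not code from BleepingComputer or from the
malware described. All addresses here are constructed strings matching the
address syntax; none is a real wallet.
"""
import re

# Syntax of the two address families the report mentions.
BTC_LEGACY = r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"                 # Base58Check P2PKH/P2SH
BTC_BECH32 = r"bc1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{39,59}"    # BIP-173 / BIP-350
ETH_HEX = r"0x[0-9a-fA-F]{40}"

ADDRESS_RE = re.compile(
    r"\b(?:(?P<btc>" + BTC_LEGACY + r"|" + BTC_BECH32 + r")|(?P<eth>" + ETH_HEX + r"))\b"
)


def extract_addresses(text: str) -> dict:
    """Return {"btc": [...], "eth": [...]} in order of appearance, deduplicated."""
    found = {"btc": [], "eth": []}
    for m in ADDRESS_RE.finditer(text):
        kind = "btc" if m.group("btc") else "eth"
        addr = m.group(kind)
        if addr not in found[kind]:
            found[kind].append(addr)
    return found


def find_swapped(page_text: str, trusted: set) -> list:
    """Addresses shown on the page that match no trusted address."""
    found = extract_addresses(page_text)
    return [a for kind in ("btc", "eth") for a in found[kind] if a not in trusted]


def missing_from_page(page_text: str, trusted: set) -> list:
    """Trusted addresses that no longer appear at all (replaced or removed)."""
    shown = {a for lst in extract_addresses(page_text).values() for a in lst}
    return sorted(trusted - shown)


# Constructed data: what the site operator published (obtained out of band)...
BTC_TRUSTED = "1DonateXyz9k2mNpQrStUvWxYz23456789"
ETH_TRUSTED = "0x" + "1" * 40
TRUSTED = {BTC_TRUSTED, ETH_TRUSTED}

# ...and the same donation box as rendered on an infected machine,
# with the bitcoin address replaced by a syntactically valid substitute.
BTC_SWAPPED = "1SwappedAttackerAddrXyz9k2mNpQrStU"
RENDERED_PAGE = f"""
<div class="donate">
  <p>Bitcoin: <code>{BTC_SWAPPED}</code></p>
  <p>Ether: <code>{ETH_TRUSTED}</code></p>
</div>
"""

if __name__ == "__main__":
    for addr in find_swapped(RENDERED_PAGE, TRUSTED):
        print("address on page is NOT a published one:", addr)
    for addr in missing_from_page(RENDERED_PAGE, TRUSTED):
        print("published address no longer shown:", addr)
```

In practice `TRUSTED` would be loaded from a source the browser never touched (a printed invoice, a message on another device), and the page text would come from the rendered DOM rather than the server response, because the substitution happens inside the browser after the page has loaded.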

Security in General

CryptoGlobe recently reported on the persisting vulnerability of South Korean exchanges, despite their passing government-led security audits. Another report from ICORating, released only a week ago, found that a mere 16% of the top 135 cryptoasset exchanges got top marks on security. The majority of exchanges, the report found, had significant security oversights - including some big ones like Binance.

The overall trend in cryptocurrency-related security is that so-called "cryptojacking" - hijacking an unwitting user's computer and using it to surreptitiously mine cryptocurrency (usually Monero) - is on the wane, while ransomware attacks on public and private organizations are on the rise.

In a ransomware attack, a business or other entity has its vital data encrypted, with the attackers demanding a cryptocurrency payment for the decryption keys.

Peter Schiff Admits to Entering PIN Instead of Password for His Blockchain Wallet

Siamak Masnavi

On Wednesday (January 22), famous gold bug Peter Schiff finally admitted that he lost access to the bitcoin held in his Blockchain Wallet because he had misunderstood how the wallet works. However, not all the blame for this incident should be placed on Schiff.

Schiff is the CEO of Euro Pacific Capital, a full-service, registered broker/dealer specializing in foreign markets and securities, and founder and Chairman of SchiffGold, a full-service, discount precious metals dealer. He is also a man who is extremely bullish on gold, bearish on the U.S. dollar, and highly skeptical about Bitcoin.

On 4 July 2019, Schiff revealed that he owned some Bitcoin (BTC), Ether (ETH), and Bitcoin Cash (BCH), and said that he was going to HODL his bitcoin no matter what happens to the Bitcoin price.

Then, last Sunday (January 19), Schiff took to Twitter to express his anger with Bitcoin after allegedly losing access to the crypto wallet that holds his bitcoin:

Although Schiff said at the time that the wallet app he was using -- which we now know was the iOS version of Blockchain Wallet (made by Blockchain.com) -- had "somehow" become "corrupted", and that this was why his password -- which he was sure he remembered correctly -- was being rejected, most people on Crypto Twitter seemed to believe that this was just a case of a "boomer" who had simply forgotten his wallet's password:

Erik Voorhees, Founder and CEO of ShapeShift, who Schiff says set up his wallet in the first place, says that it is Schiff (and not Bitcoin) who is to blame, for forgetting his password and not making a note of his wallet's recovery phrase:

However, last night (January 22), three days after first reporting the loss of access to his entire Bitcoin holdings (most of which had been gifted to him by members of the crypto community on Twitter), Schiff admitted that the problem was not a corrupt wallet but his confusion between the PIN and the password for his Blockchain Wallet; what made things worse was that he had neither the password nor the 12-word backup/recovery phrase:

Having spent some time with the Blockchain Wallet ourselves, we can offer one possible explanation for what really happened.

When you create a new Blockchain Wallet, you are asked to specify an email address (which acts as your username), a password (which is needed whenever you log out or are logged out of your wallet), and a 4-digit PIN (which the wallet app asks for -- if you have not set up biometric authentication -- whenever it is restarted, in order to "decrypt" your wallet).

It is essential to note that the Blockchain Wallet does not force the user to record a recovery/seed phrase when the wallet is created, i.e. this step is optional. After the wallet has been created, you need to go to the app's menu and choose "Backup Funds", at which point you are asked to write down each of the 12 words of the "backup phrase" the app assigns to your wallet.

So, if Schiff is telling the truth about never knowing the password or the backup phrase, then it looks like the person who created the wallet for him (i.e. Voorhees) may not have told Schiff the wallet's password and may not have told him to make a note of the backup phrase.

Therefore, we can certainly blame Schiff for not bothering to understand how his wallet works, but it is also true that crypto wallet developers need to do more to improve usability - making the recording of the backup phrase a required step, for instance - if they want to be ready for the mainstream adoption of crypto.