silversurfer

Level 47
Content Creator
Trusted
Malware Hunter
Verified
EXCLUSIVE --Hackers have compromised the GitHub account of the Denarius cryptocurrency project lead and have backdoored the Windows client with the AZORult infostealer malware.

The compromised Denarius cryptocurrency client --which node operators run on their servers to support the Denarius blockchain-- was spotted earlier today by a security researcher named Misterch0c, who alerted ZDNet.
ZDNet independently confirmed the researcher's findings with the help of RiskIQ threat researcher Yonathan Klijnsma.

Carsen Klock, the top dev behind the Denarius cryptocurrency, said the incident occurred because he reused an older password to secure his GitHub account.
This allowed a hacker to silently access his GitHub account and upload a backdoored version of the Denarius Window client --version 3.3.6, released on January 22.

According to Misterch0c and Klijnsma, this file (VirusTotal link) was a modified Denarius client installer that installed a version of the AZORult malware.
"The .bat file is started, which it will start the other bins in sequence, with smaller one being AZORult," Klijnsma said after analyzing the backdoored Denarius installer.

Once installed on a user's computer, AZORult can steal a vast array of user data, such as browser passwords, browser cookies, passwords for FTP clients, chat histories, and most importantly, wallet database files from popular cryptocurrency clients.