Backdoored cryptocurrency software found serving AZORult malware

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,055
EXCLUSIVE --Hackers have compromised the GitHub account of the Denarius cryptocurrency project lead and have backdoored the Windows client with the AZORult infostealer malware.

The compromised Denarius cryptocurrency client --which node operators run on their servers to support the Denarius blockchain-- was spotted earlier today by a security researcher named Misterch0c, who alerted ZDNet.
ZDNet independently confirmed the researcher's findings with the help of RiskIQ threat researcher Yonathan Klijnsma.

Carsen Klock, the top dev behind the Denarius cryptocurrency, said the incident occurred because he reused an older password to secure his GitHub account.
This allowed a hacker to silently access his GitHub account and upload a backdoored version of the Denarius Window client --version 3.3.6, released on January 22.

According to Misterch0c and Klijnsma, this file (VirusTotal link) was a modified Denarius client installer that installed a version of the AZORult malware.
"The .bat file is started, which it will start the other bins in sequence, with smaller one being AZORult," Klijnsma said after analyzing the backdoored Denarius installer.

Once installed on a user's computer, AZORult can steal a vast array of user data, such as browser passwords, browser cookies, passwords for FTP clients, chat histories, and most importantly, wallet database files from popular cryptocurrency clients.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top