A hacker gained access to the GitHub account of the Syscoin cryptocurrency and replaced the official Windows client with a version containing malware.
The poisoned Syscoin Windows client contained Arkei Stealer, a malware strain specialized in dumping and stealing passwords and wallet private keys. This malware is also detected as Trojan:Win32/Feury.B!cl.
Syscoin developers are now warning Syscoin users who downloaded version 3.0.4.1 of the Syscoin client between June 09th, 2018 10:14 PM UTC and June 13th, 2018 10:23 PM UTC that their systems might be infected with malware.
The affected files are (version number included in the file name is 3.0.4, but they install version 3.0.4.1):
syscoincore-3.0.4-win32-setup.exe
syscoincore-3.0.4-win64-setup.exe
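A triage sketch for the advisory above, added here as an example and not taken from the Syscoin team or the original article: it walks a directory for the two named installers and flags copies whose timestamp falls inside the stated window. It assumes a file's modification time approximates its download time and that browsers may append " (N)" to duplicate downloads. The article gives no hashes, so a hit is a lead for further inspection rather than confirmation.

```python
import re
import sys
from datetime import datetime, timezone
from pathlib import Path

# Installer names and exposure window (UTC) as stated in the advisory.
# The optional " (N)" suffix for browser-renamed duplicates is an assumption.
AFFECTED = re.compile(
    r"^syscoincore-3\.0\.4-win(32|64)-setup( \(\d+\))?\.exe$", re.IGNORECASE
)
WINDOW_START = datetime(2018, 6, 9, 22, 14, tzinfo=timezone.utc)
WINDOW_END = datetime(2018, 6, 13, 22, 23, tzinfo=timezone.utc)


def classify(name, written_utc):
    """Return 'in-window', 'outside-window', or None for unrelated files."""
    if not AFFECTED.match(name):
        return None
    if WINDOW_START <= written_utc <= WINDOW_END:
        return "in-window"
    # Same name, different time: still worth a look, since timestamps
    # can be rewritten by copies, archive tools or sync clients.
    return "outside-window"


def scan(root):
    """Walk root; return (path, verdict, timestamp) for matching installers.

    Assumption: modification time approximates the download time.
    """
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        written = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
        verdict = classify(path.name, written)
        if verdict:
            hits.append((path, verdict, written))
    # In-window hits first, then oldest first.
    return sorted(hits, key=lambda h: (h[1] != "in-window", h[2]))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else Path.home() / "Downloads"
    for path, verdict, written in scan(target):
        print(f"{verdict:15} {written:%Y-%m-%d %H:%M} UTC  {path}")
```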
Only Syscoin Windows client affected
Hackers only tampered with the Windows client and no other files available in the v3.0.4.1 release, which also included Mac and Linux clients, along with the adjacent source code.
The Syscoin clients are installed on an operating system and allow users to run a Syscoin node, which they can use to mine new Syscoin cryptocurrency or manage Syscoin funds.
The incident came to light yesterday when the Syscoin team received a warning from users that Windows Defender SmartScreen was marking downloads of the Syscoin Windows client as malicious.