Japanese Crypto-Robbery. Another crypto-currency raid happened in Japan leading to the perpetrators getting away with about 60 million dollars-worth of cryptocurrency.

Within two hours, Japanese cryptocurrency exchange Tech Bureau Corp. was hacked last September 14 which was unfortunately discovered four days after the culprits managed to steal 6.7 billion yen or 59.67 million dollars-worth of cryptocurrency composed of Bitcoin, Bitcoin Cash and Monacoin; more than half of which belonged to customers.

The cryptocurrency was stolen from internet-connected “hot wallets” which are more vulnerable than cold wallets that remain in the dark until connected.

The customers won’t have to wallow in despair though. Tech Bureau managed to merge with JASDAQ-listed Fisco Ltd. For a majority ownership investment amounting 5 billion yen in order to pay back the customers.

This comes after another massive cryptocurrency hack last January when crypto-exchange Coincheck lost a massive 530 million dollars-worth of digital currency. Coincheck in turn was absorbed by Japanese online brokerage group Monex Group Inc.

Amazing how resilient the industry remains, hack after hack. Despite these, over 160 entities express their willingness to enter the cryptocurrency exchange market, perhaps due to the recent Bitcoin surge. Bitcoin has since dropped but value remains at over 6,000 dollars.

Japanese crypto-exchanges have lately come under fire for lack of security and mismanagement, and will continue to burn more after the recent hack of Tech Bureau. The Japan Financial Services Agency has yet to approve the aforementioned cryptocurrency exchange applicants.

The FSA conducted an investigation and audit of various cryptocurrency exchanges and found that security was lax and management was sloppy. Apparently Tech Bureau hasn’t learned its lesson.

Further measures will be required to tighten security amidst Japan’s cryptocurrency regulation, the first country to do so. Regulation is seen by some as a threat to the openness and freedom of cryptocurrency much like the fledgling internet before censorship. But Japan sees it as more of an encouragement and a way to include much needed security measures much like cryptocurrency’s physical counterpart.

Photo by Ryo Yoshitake on Unsplash

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

Cryptocurrency Exchanges Under Attack by Lazarus Through AppleJeus Malware. It’s been recently discovered that the Lazarus Group, an infamous North Korean cyber crime ring (supposedly backed by the government), has been targeting cryptocurrency exchanges, fintech companies and even banks with aggressive attacks involving high-value thefts.

Reports from Kaspersky Lab’s Global Research and Analysis Team have indicated that Lazarus have infiltrated an Asian cryptocurrency exchange, and are using Trojanized software to steal cryptocurrency. Specifically, they’ve been employing a macOS malware known as AppleJeus.

Vulnerability of macOS users

This is the first time the notorious Lazarus Group have been found to target macOS users, who traditionally fall victims to cyber attacks less often than their Windows counterparts. It’s believed that copies of the malware are being downloaded from what seems to be the website of a company who develops cryptocurrency trading software, which otherwise appears to be legitimate from the outset. However, after further investigation researchers have been unable to associate or verify it with a legitimate organization, raising serious questions about its validity.

The malware essentially gathers confidential information and details on the host computer, before sending it back to the command and control server. If the attacker deems it worth pursuing, they prompt for an update which installs Fallchill, a Trojan which provides almost unlimited access to the device, allowing information and data theft. From the user’s perspective, it simply seems like a standard software update.

Serious warnings are being issued

Kaspersky Lab seriously advises businesses and individuals like to not trust code simply based on digital certifications, a seemingly valid company profile and a genuine looking website – because these can still shield a malicious group seeking to cause serious damage through their attacks.

Businesses in particular are recommended to employ comprehensive and advanced security solutions to protect their networks and infrastructure, and to use multi-factor authentication for significant financial transactions.

BitTorrent Software Update Hijacked 400,000 – PCs Last Week – Trojanized. A substantial malware uprising last week that spread the cryptocurrency mining malware to 400,000 computers within few hours was due to a backdoor of the BitTorrent names MediaGet.  Also known as Dufoil  or Smoke Loader, it works by dropping a cryptocurrency miner software as a payload on infected Windows machines and as a result that mine Electroneum (digital coins) by using CPU cycles.

The Smoke Loader campaign was uncovered by Microsoft Windows Defender R&D team that affected computers in Ukraine, Russia and Turkey. Defender team blocked the campaign before any severe damage could be done.

It took about 12 hours to spread the malware to a huge audience and it was not mentioned by Microsoft how this happened.

Few days back, once investigation took place Microsoft disclosed that the attack was targeted to update mechanism of MediGet software and pushed the trojanized software to users.

“A signed mediaget.exe downloads an update.exe program and runs it on the machine to install a new mediaget.exe. The new mediaget.exe program has the same functionality as the original but with additional backdoor capability,” the researchers team explain in a article post published on 14 March”

BitTorrent Software Update Hijacked 400,000 – PCs Last Week – Trojanized