It steals files from three different Bitcoin applications. In addition, Cerber has now set aside the passwords of the Bitcoin wallet, which are stored in browsers Internet Explorer, Chrome, and Firefox. Only then does the Ransomware start to encrypt files.
Trend Micro warns against a new variant of the Ransomware Cerber. It is no longer content only to encrypt files and to extort a ransom for their release. The back men are now also behind the Bitcoin purse of their victims.
The distribution of Cerber continues to be a malicious file of unwanted e-mails. The attached JavaScript file, when it is running, downloads the current Cerber variant. Before she starts encrypting files, however, she looks for files that belong to three Bitcoin apps on an infected computer: Bitcoin Core as well as Electrum and Multibit.
The files “wallet.dat” (Bitcoin Core), “* .wallet” (multibit) and “electrum.dat” (Electrum) are transferred to a command server on the Internet. Since the theft of these files alone is not sufficient for access to a Bitcoin wallet, the hackers also have the required users and passwords. They hope to find hackers in the browsers Internet Explorer, Google Chrome or Mozilla Firefox. Additionally, Cerber deletes the Wallet files as soon as they are passed to their own servers.
“The new feature shows that the attackers are testing new ways to monetize Ransomware,” says Trend Micro’s blog. “The theft of Bitcoins from attacked users would be a source of possible revenue.”
Trend Micro also points out that at least the attacks on the Electrum wallet should show little success. The app does not use the file name “electrum.dat” since 2013.
Cerber has been in circulation since at least the beginning of 2016. At the time, it was the first “talking” ransomware. She presented her ransom claim by voice, rather than a picture. Initially Cerber was spread over malvertising campaigns.
TheBitcoinNews.com – Bitcoin News source since June 2011 –
Virtual currency is not legal tender, is not backed by the government, and accounts and value balances are not subject to consumer protections. TheBitcoinNews.com holds several Cryptocurrencies, and this information does NOT constitute investment advice or an offer to invest.
Everything on this website can be seen as Advertisment and most comes from Press Releases, TheBitcoinNews.com is is not responsible for any of the content of or from external sites and feeds. Sponsored posts are always flagged as this, guest posts, guest articles and PRs are most time but NOT always flagged as this. Expert opinions and Price predictions are not supported by us and comes up from 3th part websites.
Advertise with us : Advertise
Our Social Networks: Facebook Instagram Pinterest Reddit Telegram Twitter Youtube
