Wall Street PR

Syscoin Network Falls Victim Of Trojan Attack

In an announcement on its official Github page, Syscoin warned that the project’s official client had been compromised in a malicious trojan attack. Users who downloaded the software via Github between June 9, 10:14 PM UTC and June 13, 10:14 PM UTC this year have been urged to take immediate action.

A team member’s compromised Github account was the initial attack vector. The compromised account gave the hackers admin-level access, which they used to replace the official Windows client with a spiked one.

Arkei stealer

The spiked version introduced by the perpetrators contained a well-known piece of malicious software called Arkei stealer. The malware mainly steals personal data stored on the user’s local device. Luckily, VirusTotal’s scan has confirmed that 44 out of 66 of the major antivirus software vendors have since blacklisted the offending software, thereby severely compromising its ability to spread any further.

The Syscoin team alerted its users, “Upon investigation, the Syscoin developers found that a malicious, unsigned copy of the Windows Syscoin 3.0.4.1 installer was made available via the Syscoin Github release page on June 9th, 2018 due to a compromised GitHub account. This installer contained malicious code. (Trojan:Win32/Feury.B!cl).” The team also warned that users who have installed the Syscoin 3.0.4.1 Windows client run a major risk of losing their personal data and the funds held in their wallets.

The instant payment service’s team has urged users to check whether they downloaded the Windows client during the attack period. Users who find that they did were advised on what to do.

Remedy

Affected users were told to save a copy of the wallet’s personal information, then run an antivirus scan on the device on which the wallet is installed, then change their passwords and, finally, move the funds to another wallet.

Syscoin developers have since taken preventative measures to ensure that this kind of attack does not happen again on their system. All Block Foundry Staff and Syscoin Developers will henceforth be required to enable two-factor authentication for accessing accounts, perform routine verification of signature hashing, and work with Github to ensure that users are able to detect altered binaries.
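
One way to carry out the download-window check and the hash verification described above, as an added example that is not from Syscoin or the original article: it flags installer files saved inside the stated window and compares SHA-256 digests against values obtained from a trusted channel. The filename hint `syscoin` and the use of file modification time as a stand-in for download time are assumptions.

```python
import hashlib
from datetime import datetime, timezone
from pathlib import Path

# Exposure window stated in the Syscoin notice (UTC, 2018).
WINDOW_START = datetime(2018, 6, 9, 22, 14, tzinfo=timezone.utc)
WINDOW_END = datetime(2018, 6, 13, 22, 14, tzinfo=timezone.utc)

def sha256_of(path, chunk=1 << 20):
    """Stream the file so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def triage(folder, name_hint="syscoin", known_good=None):
    """Classify each matching .exe under `folder`.

    name_hint  -- assumed filename substring; the notice does not give the filename
    known_good -- SHA-256 hex digests taken from a trusted channel (optional)
    """
    known_good = {h.lower() for h in (known_good or ())}
    findings = []
    for path in sorted(Path(folder).rglob("*")):
        if not path.is_file() or path.suffix.lower() != ".exe":
            continue
        if name_hint not in path.name.lower():
            continue
        # mtime approximates download time; copying or restoring a file can change it.
        saved = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
        digest = sha256_of(path)
        in_window = WINDOW_START <= saved <= WINDOW_END
        if digest in known_good:
            verdict = "matches-known-good"
        elif in_window:
            verdict = "suspect"      # saved during the window, hash not vouched for
        else:
            verdict = "unverified"   # outside the window, but still not vouched for
        findings.append({"file": str(path), "saved_utc": saved.isoformat(),
                         "sha256": digest, "verdict": verdict})
    return findings

if __name__ == "__main__":
    import sys
    for row in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(row["verdict"], row["saved_utc"], row["sha256"], row["file"])
```

A "suspect" result only means the file was saved during the window and its digest is not vouched for; the notice also describes the malicious installer as unsigned, so a missing digital signature on the file is a second indicator to check.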

Published by Brendan Byrne
