Researchers Discover Trojan Malware Targeting Cryptocurrency Exchanges

Once again, cryptocurrency exchanges are being called to be wary of a threat to their security that could have catastrophic consequences. While these asset custodians have been kept vigilant over the years thanks to the threat of hacks and other security vulnerabilities that their online platforms might have, a new report is raising concerns over a Trojan that could be able to steal authentication codes and access customers’ funds. 

Cerberus is a Potential Grade-A Threat 

The warning sign was raised by ThreatFabric, a cybersecurity firm based in Amsterdam. The firm, which specializes in information threats concerning the finance industry, explained in a recent blog post that it had discovered a new Trojan known as “Cerberus.” As the blog post explained, Cerberus was built to specialize in stealing 2-factor authentication (2FA) codes that are gotten by the Google Authenticator service. 

In the blog post, ThreatFabric explained that it first identified Cerberus back in June 2019, with the Remote Access Trojan unseating the widespread Anubis Trojan as the top Malware-as-a-Service product to be used by hackers on the Dark Web. However, the product was updated last month, with the new version now being able to steal vital data such as 2FA codes saved on Google Authenticator, swipe patterns, and PIN codes for mobile phones. 

Once installed, Cerberus downloads all of the content on a victim device and establishes a link that provides remote access to the hacker. From there, the hacker can operate just about any app remotely – including crypto exchanges, banking apps, etc. 

“The feature enabling theft of device’s screen lock credentials (PIN and lock pattern) is powered by a simple overlay that will require the victim to unlock the device… This once more shows the creativity of criminals to build the right tools to be successful,” the security firm explained. 

ThreatFabric also confirmed in the post that Coinbase is one of the most vulnerable crypto exchanges to the new Trojan, joining a host of other social media platforms and financial institutions across the world. The Dutch security firm added that it hadn’t found any ads for the Trojan on the Dark Web yet, which leads to the belief that a final version of the tool is still in the works. However, it also estimated that the version would be out and ready for sale soon. 

More Work to be Done as Security Threats Grow 

The entire tech industry had been kept at full alarm this year already, with security organizations discovering new and innovative means for them to gain access to devices and steal confidential information. While ransomware and cryptojacking made the news most frequently last year, it would seem that firms now have a new enemy to contend with. 

Just this week, Slovakian security firm ESET explained in a presentation at the RSA 2020 security conference in San Francisco that it had discovered Kr00k – a strain of malware that is capable of affecting WiFi communications.

As the firm explained, hackers can employ the product as a means of breaking into WiFi networks and devices that use the WPA2 connection. As the firm confirmed, the most conservative estimates show a billion vulnerable devices.