Cardinal RAT malware strikes two cryptocurrency firms in Israel

Priya


Hacking and malware have always been among the main concerns of the cryptocurrency space. Recently, Unit 42, a research division of Palo Alto Networks, detected malware targeting two Israeli fintech and cryptocurrency trading software companies. The malware in question was Cardinal RAT, a Remote Access Trojan (RAT) that was initially discovered in 2017.

The report by Unit 42 read,

“This malware family had remained undetected for over two years and was delivered via a unique downloader named Carp Downloader.”

The research division reported that it had continued to keep tabs on the malware since it was first discovered, which is how it was able to discover “a series of attacks using an updated version of Cardinal RAT.” The report further stated that there were a “series of modifications” in the RAT, which could have been made in order to “evade detection” and hinder analysis.

The report added,

“We witnessed attacks targeting the financial technology [FinTech] sector, primarily focused on organizations based in Israel. While researching these attacks, we discovered a possible relationship between Cardinal RAT and another malware family named EVILNUM […] a JavaScript-based malware”

The malware lets the attacker access the victim’s personal information, capture screenshots, clean cookies from browsers, execute commands, recover passwords, download and execute new files, and update settings; it can also uninstall itself from the victim’s device.

Even though the details pertaining to the two companies that build software for the Forex and cryptocurrency trading firms have not been disclosed, the implications of this malware attack could be disastrous. This entirely depends on the platform’s main operations, such as whether they had information of customers stored in their devices.

In a statement to The Next Web, Unit 42 stated “that the malicious files find their way onto machines through lure documents attached to spam messages that were sent to individuals thought to operate as Forex and cryptocurrency traders.”








Priya is a full-time member of the reporting team at AMBCrypto. She is a finance major with one year of writing experience. She has not held any value in Bitcoin or other currencies.

GateHub: Stolen XRP funds transferred to prominent exchanges

Namrata Shukla


The GateHub hack that took place earlier this month resulted in the exchange losing nearly 23 million XRP worth approximately $9 million. Whale Alert, a tracker of large crypto transactions, has since alerted the community that these stolen funds were being moved to various exchanges.

One of these exchanges was identified as Bitfinex, which received 400,025 XRP on June 16 at 10:57:22 UTC. The sender’s address was r4hyDYXv7iV3oCahxQzqYYfgxwyBx3AyMN, which was identified as belonging to the GateHub hack of 2019. The receiver’s address was identified as Bitfinex’s: r9o9MerrS7d2GAEs6JPj4v4JcvZAJNtLUY. The transaction hash was 21124F7818A2903E9750456D603CC9AACC9DBE6CE2EF0AA191C734339B4CA682 and the transaction details were as follows:

Source: Whale Alert


Another transaction was noted in which 100,000 XRP was transferred from another identified GateHub hack address to a Bitfinex wallet address, identified as rDcz7P9YMpffLKhRBovTzhUr3wKtk3y9q7. This wallet address immediately transferred the funds to another exchange, OKEx. OKEx had previously received 3,000 XRP from the stolen funds at an identified OKEx address, rUzWJkXyEtT8ekSSxkBYPqCvHpngcy6Fks. The transaction hash was noted to be BE97F68A20E996A2E1A37228DCBD45A1F26E8E2B3A842E9FCFFF7721157C1C37 and the transaction details were as follows:

Source: Whale Alert


The stolen funds were moved to another prominent exchange, Binance, and CZ was swift to inform Whale Alert that he would look into it. However, crypto users found no relief regarding the funds sent to the other exchanges, as those exchanges did not respond to the large transactions.




