Each holder of cryptomonnaie has a virtual wallet to store, send, receive, purchase, or sell its assets. These portfolios are accessible through specific addresses. It is this type of address that is at the heart of a new hacking, revealed by Lukas Stefanko, a researcher for the company’s cybersecurity ESET. In a blog post published on 8 February. he claims to have discovered a vulnerability within an application available on the Google Play Store, pretending to be MetaMask, a software that manages the portfolios of the cryptomonnaie Ethereum. Downloadable in the form of a plug-in on Chrome and Firefox browsers, this application contained a type of malware called “clipper”. Thanks to him, the hackers are able to hijack the address of the portfolio of crypto-assets to their advantage.
These addresses are often very complicated and are in the form of a long sequence of numbers and letters. In general, users will not the type not to hand but a copy-and-paste to save time when connecting to their portfolio. It is during this process that the hacking “clipper” was in the game. Each time that a user copied and pasted his address, it was replaced automatically by a hackeur. When the users were transfers of their cryptomonnaie, it was returned directly on the portfolio of the hacker. The latter took the opportunity also to steal the login credentials of the victims to take control of their portfolio. For the moment, no figure has been put forward on the amount of the fraud, and Google has not yet responded.
The malicious application, online on the 1st of February, and has since been removed from the store of Google, but is a new warning for the firm of Mountain View who has already left on its app store malware.
piracy
Although it is recent, this type of piracy is already well established on the web according to the researchers of ESET. They claim indeed to have found this malware, the “clipper”, directly available to download on download.cnet.com one of the websites hosting the most popular software programs in the world. More than a simple case of theft of sensitive information, hacking this reveals a new pitfall, secure exchange platforms, or storage of cryptomonnaie.
by the End of 2017, the bitcoin had surpassed all records with a class of around 20 000 dollars. A sudden success that has had the direct effect of bait the hackers. “With the explosion in the price of bitcoin, there has been an explosion of interest of criminals across the entire string” warned by example Gérôme Billois, an expert at the law firm Wavestone during the FIC – international trade fair on cyber security – in January 2018. A few days after this warning, the platform, japan’s Coincheck had stolen the equivalent of 430 million euros. In total, over the whole of the year 2018, according to a study of the business of cyber security CipherTrace, it is 1.7 billion us dollars, which are evaporated in fraud cryptomonnaies, five times more than in 2017.
Big Bang, Eco, Maison de la chimie in Paris, on march 27, 2019, from 9h to 17h30
” check out the 3rd edition of 2019