Hackers target Syscoin by injecting malware into its GitHub account
Syscoin, an instant payment cryptocurrency, suffered a cyberattack earlier this month in which hackers slipped malware into its GitHub account. Syscoin is ranked 85 among all the cryptocurrencies in the world and has a market capitalisation of $117m, Bitcoinist reported.
The attack involved a hacker replacing Syscoin’s official Windows installer version 184.108.40.206 with a malware-laced version. The malicious Windows installer was made available to users via the project’s GitHub account. The hackers reportedly infected Syscoin’s Windows installer with the Arkei Stealer malware, which can harvest passwords and cryptocurrency wallet keys.
“Upon investigation, the Syscoin developers found that a malicious, unsigned copy of the Windows Syscoin 220.127.116.11 installer was made available via the Syscoin Github release page on June 9th, 2018 due to a compromised GitHub account,” Syscoin said in an official security notice.
“Investigation into the issue revealed the original Github Windows setup binaries for release 18.104.22.168 had been modified and replaced with a malicious version through a compromised Github account,” the security notice explained. “Upon discovery, the 22.214.171.124 setup binaries were removed from Github and replaced with official, signed versions of the binaries.”
The firm warned that users who downloaded and executed the Syscoin 126.96.36.199 Windows setup from GitHub between June 9 and June 13 are at risk of having been affected by the attack. Syscoin said Mac and Linux users were unaffected by the incident.
Syscoin suggested that users who may have downloaded the malware-laced installer should take some precautionary security measures to stay safe from hackers.
Users have been advised to back up all their data, including wallets, outside their computer. Users should also run an antivirus scan on their system, change passwords and move any funds in unencrypted or unlocked wallets to a newly generated wallet on a more secure computer.
Since discovering the attack, Syscoin said it has implemented further security measures, such as performing routine verification of signature hashes and requiring all developers and Blockchain Foundry staff to enable 2FA.
“Although the issue was detected quickly, we believe that the crypto-community is at risk for a specific type of attack which targets gatekeepers of source code for cryptocurrency projects,” Syscoin said.
“We highly recommend that all gatekeepers of software repositories for cryptocurrency projects sign binaries through an official build process like Gitian,” Syscoin added. “We are working with Github to improve the release page experience to provide information regarding the modifying account as well as the last modification date of a release. This would allow users to detect if certain binaries were updated for potentially malicious purposes.”
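The release-metadata check and hash verification described above, as an added example (not code from Syscoin or GitHub). It assumes release JSON shaped like the GitHub REST API's release object and a SHA-256 manifest obtained out of band; the sample release, file names, logins and allowlist are constructed.

```python
import hashlib
from datetime import datetime, timedelta

# Constructed sample shaped like a GitHub REST API release object
# (published_at, assets[].name / created_at / updated_at / uploader.login).
# Tag, file names, dates and logins are made up for illustration.
SAMPLE_RELEASE = {
    "tag_name": "vX.Y.Z",
    "published_at": "2018-05-01T12:00:00Z",
    "assets": [
        {"name": "example-setup.exe", "created_at": "2018-06-09T03:10:00Z",
         "updated_at": "2018-06-09T03:10:00Z", "uploader": {"login": "unknown-dev"}},
        {"name": "example-linux.tar.gz", "created_at": "2018-05-01T12:05:00Z",
         "updated_at": "2018-05-01T12:05:00Z", "uploader": {"login": "release-bot"}},
    ],
}

def _ts(value):
    # GitHub timestamps are ISO 8601 in UTC with a trailing "Z".
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def audit_release(release, trusted_uploaders, grace=timedelta(hours=24)):
    """Return {asset name: [reasons]} for assets that look replaced after publication."""
    published = _ts(release["published_at"])
    findings = {}
    for asset in release["assets"]:
        reasons = []
        # A deleted and re-uploaded asset gets a fresh created_at.
        if _ts(asset["created_at"]) - published > grace:
            reasons.append("uploaded long after release was published")
        if _ts(asset["updated_at"]) > _ts(asset["created_at"]):
            reasons.append("modified after upload")
        if asset["uploader"]["login"] not in trusted_uploaders:
            reasons.append("uploader not on allowlist")
        if reasons:
            findings[asset["name"]] = reasons
    return findings

def matches_pinned_hash(data, name, pinned):
    """Compare downloaded bytes to a SHA-256 pinned out of band (e.g. a signed manifest)."""
    expected = pinned.get(name)
    return expected is not None and hashlib.sha256(data).hexdigest() == expected

if __name__ == "__main__":
    for name, reasons in audit_release(SAMPLE_RELEASE, {"release-bot"}).items():
        print(name, "->", "; ".join(reasons))
```

The timestamp and uploader checks only raise a flag for review; the hash comparison against a manifest kept outside the release page is what actually rejects a swapped binary.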