Trojans Targeting Cryptocurrency Exchanges Among The Top Cyber Threats In Switzerland

09/11/2018

The cryptocurrency Monero is one of the most popular, and people have created malware to mine that cryptocurrency.

In a paper released by Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI), a government agency, malware that mines the anonymous cryptocurrency Monero has been ranked as the sixth most significant malware to hit the country in the first half of 2018.

The Swiss researchers also found that cybersecurity threats that were once focused on breaking into online banking services have pivoted to attacking cryptocurrency exchanges.

The research also details the most critical cyberthreats to hit the Swiss internet.

Figure: Distribution of malicious software in Switzerland known to MELANI. Cut-off date: 30 June 2018.

As in previous years, the majority of cyber incidents in Switzerland were caused by the Downadup malware (Conficker). The worm, which has been around since 2008, spreads via a security vulnerability in Windows operating systems. In second place is the Gamut spam malware, which appeared to be responsible for 37 percent of the international spam volume. In third place is Gamarue (Andromeda), a downloader that can download additional malware.

In fourth and fifth place are the malware Spambot and Stealrat, also responsible for sending spam.

In sixth place is Monerominer. It's the most prevalent malware found on Switzerland's internet in the first months of 2018.

The malware bot is capable of downloading and running more malware, stealing users' account information, acting as a keylogger, and encrypting hard drives to hold users' data for ransom (typically in exchange for cryptocurrency).

Monero-mining malware has certainly become notorious. Not long ago, security researchers found that more than two million previously undiscovered variations of the supposedly neutral CoinHive script were released in just three months.

MELANI also found that the e-banking trojan Dridex has been ramping up its crypto-focused operations. The malware, which first appeared in 2012 under the name Cridex, was found to have shifted its focus to target cryptocurrency, based on its configuration files.

The same goes for the malware Gozi. First discovered in 2009, it has evolved to also target digital assets. The report notes that Gozi, ranked at number nine, is targeting cryptocurrency exchanges, after it was recorded to have used ‘malvertising’ for the first time so it can spread as quickly as possible.

"This technique consists in using advertisements to mislead the user into downloading manipulated software,” the researchers explain. “In search engines, the advertisements are often displayed above the actual search results, [which] leads to confusion among users."

The research by MELANI was included in its 27th semi-annual report, which addresses the most important cyber incidents of the first half of 2018 in Switzerland and abroad.