Crypto wallets are necessary resources for traders to hold their earnings and tokens. However, one of the industry's primary concerns is the possibility of external agents inflicting damage through a hacking attack, data theft, or even a Denial of Service (DoS) attack. The latter is currently affecting Electrum users.
According to the anti-malware software company Malwarebytes, which explained the case in a blog post this week, there are now more than 152,000 BTC wallets infected in the ongoing Denial of Service attack on the wallet’s servers, an alarming number that could still grow in the next hours or days.
DoS Attacks: What are they?
A denial-of-service (DoS) event refers to any type of attack in which the attackers try to prevent users from accessing a specific service. The most common way to achieve this is by flooding the network or server with excessive messages asking it to authenticate requests that carry invalid return addresses, so that it wastes resources on replies that never complete and becomes overloaded.
By sending large numbers of requests at once, or deliberately inflating traffic, the person or entity performing the attack shows a clear and explicit intention to congest the victim's network and degrade the performance of its devices and connections.
The attackers have stolen at least $4.6 million so far through the 152,000 infected wallets, according to data from Malwarebytes. The firm isolated a loader called Trojan.BeamWinHTTP, which is also involved in downloading ElectrumDoSMiner.
“We have been able to correlate two distribution campaigns (RIG exploit kit and Smoke Loader) that are fueling this botnet by dropping malware we detect as ElectrumDoSMiner. Now, we have just identified a previously undocumented loader we call Trojan.BeamWinHTTP that is also involved in downloading ElectrumDoSMiner (transactionservices.exe),” the company stated via a blog post.
A Huge Botnet that Cannot Be Stopped
The DoS attack on Electrum is carried out by a botnet. A botnet is a network of connected devices, each running one or more bots. Botnets are most commonly used to steal data, perform DoS attacks, send spam, and carry out other illicit activities.
The Asia-Pacific region has the most bots, again according to Malwarebytes. Brazil and Peru have also shown a large concentration of bots, as they are markets in which Electrum infrastructure is continually growing.
“By analyzing the IP addresses and mapping them to a country, we are able to have a better idea of where the bots are located. We find the largest concentration in the Asia Pacific region (APAC). For the Americas, most bots are located in Brazil and Peru,” the firm continued.
The Modus Operandi
The attack purportedly started in early April and was launched by a malicious botnet of over 140,000 devices. The goal was to steal people's BTC by tricking them into installing, or updating to, fake versions of the firm's software. The attackers then put up their own malicious servers to push these compromised versions of Electrum to users.
As for the number of victims that are part of the botnet, Malwarebytes explains that “it is constantly changing. We believe as some machines get cleaned up, new ones are getting infected and joining the others to perform DoS attacks. Malwarebytes detects and removes ElectrumDoSMiner infections on more than 2,000 endpoints daily.”
By Andrés Chávez