The number of infected Electrum bitcoin (BTC) wallets has reached 152,000 following an ongoing Denial-of-Service (DoS) attack on its servers. The development was reported by anti-malware software firm Malwarebytes in a blog post on April 29.
Malwarebytes discovered that the number of infected machines in the botnet has amounted to as high as 152,000, with the volume of stolen funds increasing to $4.6 million. The company managed to pinpoint a loader dubbed Trojan.BeamWinHTTP, which is also involved in downloading the previously-detected Electrum DoSMiner.
The largest concentration of the bots is reportedly located in the Asia Pacific region, Brazil and Peru, with the botnet that is attacking the Electrum infrastructure constantly growing.
In early April, Cointelegraph reported that the ongoing DoS attack on the Electrum network was allegedly launched by a malicious botnet of more than 140,000 machines, aiming to steal users’ BTC by referring them to fake versions of Electrum software.
As reported, the attackers implemented their own Electrum servers hosting compromised Electrum versions in order to realize the hack. After users sync their vulnerable Electrum wallet with a malicious server, they are directed to “update” their client with a hacked version, which eventually leads to an immediate loss of funds that were contained in the old versions.
Last December, the hack allowed a malicious party steal almost 250 BTC (about $937,000 at the time). Affected users reported trying and failing to log in to their wallets after providing their two-factor authentication code — something Electrum did not in fact request during login. The hackers then emptied the wallet balance.
Earlier in April, hardware cryptocurrency wallet manufacturer Ledger detected malware targeting its desktop application. The malware locally replaced the Ledger Live desktop app with a malicious one, infecting only Windows machines. Ledger further noted that the malware cannot compromise users’ computers or digital currency, but only represents a phishing attack in a bid to lure users to enter their 24-words recovery phrases.
Article First Published here