This article was published on November 8, 2018

Switzerland: Trojan horses are evolving to target cryptocurrency exchanges

Cridex and Gozi are targeting cryptocurrencers more and more ...



A computer virus that mines the anonymous cryptocurrency Monero has been ranked as the sixth most significant malware to hit Switzerland in the first half of this year.

Swiss researchers also discovered that cybersecurity threats once focused on breaking into online banking services have pivoted to more efficiently attack cryptocurrency exchanges.

These revelations come by way of a new paper released by Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI), a government agency.

The research details the most critical cyberthreats to recently hit the Swiss internet, reports FinanceFeeds.

MELANI found seminal e-banking trojan Dridex has been ramping up its crypto-focused operations. It actually first appeared in 2012 under another name, Cridex. Researchers found the number of targeted cryptocurrency exchanges in its configuration files had increased this year.

Similarly, prominent malware Gozi, discovered in 2009, has evolved to suit new digital asset trends. The report notes that Gozi is currently targeting cryptocurrency exchanges, after it was recorded to have used ‘malvertising’ for the first time in order to spread itself as quickly as possible.

“This technique consists in using advertisements to mislead the user into downloading manipulated software,” the researchers explain. “In search engines, the advertisements are often displayed above the actual search results, [which] leads to confusion among users.”

But perhaps the most critical cryptocurrency threat for the Swiss is the mining malware Monerominer, which MELANI ranked as the sixth most prevalent malware threat found on Switzerland’s internet in the first six months of 2018.

Monerominer isn’t just a cryptocurrency miner. It’s actually a malware bot capable of downloading and running more malware, stealing account information along the way. It also logs keystrokes and can forcibly encrypt the contents of hard drives, holding data to ransom until a payment is made (typically with cryptocurrency).

The Gozi malware previously mentioned was ranked as Switzerland’s ninth most critical cyberthreat.

Monero-mining malware has certainly become notorious. Not long ago, security researchers found that more than two million previously undiscovered variations of the supposedly neutral CoinHive script were released in just three months.
