Cryptography is the science of writing codes (ciphers) in order to communicate securely. It dates back as far as the symbol-replacement writings of Egypt and Mesopotamia: the earliest known version of cryptography was found in the tomb of the Egyptian noble Khnumhotep II, where some 3,900 years ago it was used to enhance linguistic appeal, while a scribe from Mesopotamia was the first to use it to conceal information.
The cryptography of today is formally known as digital encryption. It uses advanced math to secure our funds, making sure that nobody else can use them. It cannot be hacked or tampered with; it is the security of the currency. You don’t need to understand it in depth unless you want to: the applications where cryptocurrencies are generated or stored will do all the brainwork.
Cryptocurrency was made to hide personal financial information and to make people independent of the government’s governance and control over finances, giving that power back to the people. The downside is that the big criminals are not sitting as representatives of the people but are amongst the people. What happens when that power and security is attacked by criminals amongst the people who are good at what they do?
There have been successful attempts at testing the strength of this arrangement, some even using malware. The popular methods are smart contracts that are granted access to your wallet, duplicate applications, phishing, etc. Malware is the newest on the list.
All-Access Access to your Wallet
Accepting a transaction that lets a token or smart contract interact with the BSC address of your Trust Wallet, in order to maximize your cryptocurrency holdings, might be the hand you fed that ends up biting you. When you use a DApp on the Binance Smart Chain (BSC) network through the Trust Wallet browser, you go through common processes such as:
Swapping one token for another in an Automated Market Maker (AMM)
Providing liquidity to a pool
Staking a token
These processes, in case you were not aware, authorize BSC addresses to spend the tokens in your Trust Wallet. Many of the permissions you grant remain active for a long time, and in most cases permanently. These spend permissions could allow dishonest teams or individuals to transfer all of your approved tokens at any time without asking for further permission from you.
The BSC Allowance Checker is a very useful tool that lists all the token and smart contract addresses to which you have granted access in the past on the Binance Smart Chain network. This gives you security and control over your resources or funds.
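What such a checker works out can be shown from the approval calls themselves. The following is an added example, not code from the BSC Allowance Checker or Trust Wallet: it decodes the standard BEP-20/ERC-20 approve(address,uint256) calldata sent by one wallet and reports the approvals that are still active and unlimited. The token and spender addresses and the transaction list are constructed sample data.

```python
APPROVE_SELECTOR = "095ea7b3"   # 4-byte selector of approve(address,uint256)
UNLIMITED = 2**256 - 1          # the "infinite" allowance many DApps request
HEX = set("0123456789abcdef")

def decode_approve(calldata_hex):
    """Return (spender, amount) for an approve() call, else None."""
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    # selector (8 hex chars) + two 32-byte ABI words (64 hex chars each)
    if len(data) != 136 or not data.startswith(APPROVE_SELECTOR) or set(data) - HEX:
        return None
    spender_word, amount_word = data[8:72], data[72:136]
    if spender_word[:24] != "0" * 24:   # a 20-byte address is left-padded with zeros
        return None
    return "0x" + spender_word[24:], int(amount_word, 16)

def active_allowances(txs):
    """txs: oldest-first (token, calldata) pairs sent by one wallet.
    A later approve() overwrites the earlier one; amount 0 revokes it.
    Spending is not tracked, so confirm results with the token's allowance()."""
    state = {}
    for token, calldata in txs:
        decoded = decode_approve(calldata)
        if decoded is None:
            continue
        key = (token.lower(), decoded[0])
        if decoded[1] == 0:
            state.pop(key, None)
        else:
            state[key] = decoded[1]
    return state

def unlimited_approvals(txs):
    return sorted(k for k, v in active_allowances(txs).items() if v == UNLIMITED)

def _approve(spender, amount):          # builds constructed sample calldata
    return "0x" + APPROVE_SELECTOR + spender[2:].rjust(64, "0") + format(amount, "064x")

# Constructed sample data: placeholder token and spender addresses.
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "b2" * 20
ROUTER, STAKING = "0x" + "c3" * 20, "0x" + "d4" * 20
SAMPLE_TXS = [
    (TOKEN_A, _approve(ROUTER, UNLIMITED)),    # swap on an AMM
    (TOKEN_B, _approve(STAKING, UNLIMITED)),   # staking
    (TOKEN_B, _approve(STAKING, 0)),           # later revoked
    (TOKEN_A, _approve(STAKING, 500)),         # bounded approval
]

if __name__ == "__main__":
    print(unlimited_approvals(SAMPLE_TXS))
```

Only the first approval is reported: the staking approval was revoked with a zero amount and the last one is bounded, which is the difference between a permission that can drain a token balance and one that cannot.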
This particular fraud is scary because it gives full access to your wallet by getting you to send your private key. Earlier, cryptography was described as a form of digital encryption (encryption is just a fancy way of saying ‘hiding information using symbols or by replacing symbols’, or simply ‘codes’). When information is encrypted, a decrypting code is needed to decrypt it.
The decrypted information that we see in cryptocurrency is the public key; it is like the name on a bank account. A private key is a password or code used in decrypting the public key, and it is usually given to a user when they first create a wallet. In cryptocurrency, you share the public key (wallet address) and keep the private key (password) away from the public eye.
The perpetrators create a lookalike version of a trusted and popular cryptocurrency application or wallet to lure new users, or users who are reinstalling or changing mobile phones, into using their application. I personally experienced one with the very popular crypto wallet application, Trust Wallet, but I wasn’t a victim because I took precautionary measures like going all the way to the website of the application to get a link to the wallet. I implore you to do the same.
Another method of achieving this would be to take over an original website and ask for sensitive information. One incident happened with a DApp on Trust Wallet.
Malware in crypto has been operating for a year now. It is elusive, targeting crypto wallets and draining victims’ funds. Malware operations include a variety of detailed tools that dupe victims, including a marketing campaign and custom cryptocurrency-related applications.
One malware is called ElectroRAT because it’s a remote access tool that was embedded in apps built on Electron, an app-building platform. Hence, ElectroRAT. To lure in victims, the ElectroRAT attackers created three different domains and apps operating on multiple operating systems.
The pages to download the apps were created specifically for this operation and designed to look like legitimate entities. The associated apps specifically appeal to and target cryptocurrency users. “Jamm” and “eTrade” are trade management apps; “DaoPoker” is a poker app that uses cryptocurrency. Based on the researchers’ observations of the malware’s behaviours, more than 6.5 thousand people may have been compromised.
Using fake social media and user profiles, as well as paying a social media influencer for advertising, the attacker promoted the apps. The posts encouraged readers to look at the professional-looking websites and download the apps when, in reality, they were also downloading the malware.
ElectroRAT has various capabilities: it can take screenshots, log keystrokes, upload folders and files from a victim’s machine, and more. Upon execution, it establishes communication with its command-and-control server and waits for commands.
Panda, on the other hand, targets data theft. It uses spam emails and the same rare file-less distribution method as a separate recent attack. File-less distribution in this case means there is no signature for antivirus software to detect, so the threat can bypass detection. The new ransomware attack is going after cryptocurrency wallets, along with account credentials from other applications such as NordVPN, Telegram, Discord, and Steam.
The attack begins with spam messages that contain a malicious attachment. The attachment uses scripts written in PowerShell, Microsoft’s task automation and configuration management language, to download the actual Panda Stealer malware (in encoded form), which is then loaded without files onto the affected system.
Crypto wallets are now as big a target for online theft as bank accounts are. With more people getting into cryptocurrencies and the values of those cryptocurrencies still increasing, this will only become a greater threat moving forward. It is speculated that a higher bitcoin price attracts more malware, so attacks like this are likely to increase.
We will see attackers devote greater and greater resources to coming up with new ways to part people from their private keys. There is more risk here because unlike with a bank robbery or credit card theft, there may not be a central authority that can undo malicious transactions. Once you lose your money and the transaction goes on the blockchain, it’s likely gone forever.
How do you stay safe, unscathed by the woes of loss?
First off, guard your keys as if they were your virginity.
When you’re looking into new apps, avoid shady websites and forums.
Only install software that is well-known and properly reviewed; look for apps with lengthy reputation histories and sizable install bases.
Secure your cryptocurrency wallets by using strong, unique passwords.
Do not open attachments sent via email.
Make sure you don’t click on unknown links.
Keep software upgraded.
Don’t use wallets that store the private keys on your laptop/desktop; private keys should be stored on dedicated hardware devices. Store your crypto in cold hardware wallets and write down seed phrases rather than just storing them on your computer. Both of these techniques make them inaccessible to malware that trawls your online activity.
If the wallet you’re using offers multifactor authentication, use it.
And, of course, you should move your funds to a new crypto wallet and change all your passwords.
For investors who are more interested in holding cryptocurrencies for the long term instead of actively trading them, the use of hardware-based/offline wallets may well be safer.
There are secondary steps that can be taken if you think your computer might have already been compromised. To make sure you are not infected, it is recommended that you take proactive action and scan your devices for malicious activity. You need to kill the running processes and delete all files related to the malware. You also need to make sure your machine is clean and running non-malicious code. Intezer has created Endpoint Scanner for Windows environments and Intezer Protect, a free community tool for Linux users.
Credit: CoinDesk and https://community.trustwallet.com