A hacker was able to compromise Syscoin and replace the official Windows client with a version carrying malware. The poisoned Syscoin Windows client contained Arkei Stealer, malware that specialises in stealing passwords and wallet private keys. The malware was detected as Trojan:Win32/Feury.B!cl.
The developers of Syscoin have issued a warning to users who downloaded the Syscoin client between June 9th, 2018 10:14 PM UTC and June 13th, 2018. The following versions are affected by the malware:
The hackers only affected the Windows client and the other files that are available in the v126.96.36.199 release. The 188.8.131.52 release also included the files for Mac and Linux builds. The Syscoin client was used to mine the new Syscoin cryptocurrency and also to let users manage Syscoin funds. The incident came to light yesterday when the Syscoin team received warnings from users that Windows Defender SmartScreen was flagging the Windows Syscoin client as malicious.
The incident came to light because users reported that Windows was showing Syscoin as malicious. After a deep investigation by the company, the team discovered that a hacker had compromised one of its developers' GitHub accounts and committed the malware code.
All Windows users should identify their installation date:
- Right-click on syscoin-qt.exe in C:\Users\[USERNAME]\AppData\Roaming\SyscoinCore or view in detailed list mode and make a note of the modified date.
- OR go to Settings->Apps and make a note of the installation date.
If the modified/installation date is between June 9th, 2018, and June 13th, 2018, take the following precautions:
- Backup any important data including wallets onto another storage medium outside of the affected computer. Treat this data cautiously as it may contain infectious code.
- Run an up-to-date virus scanner on your system to remove the threat.
- Passwords entered since the time of the infection should be changed from a separate device after ensuring the threat has been removed.
- Funds in unencrypted wallets, or wallets that had been unlocked during the infection period, should be moved to a newly generated wallet on a secure computer.
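The date check described above can be scripted for every user profile on a machine. The following PowerShell is an added example, not code from the Syscoin team. The function names are hypothetical, and because the article gives no end time for June 13th, the script assumes the whole of that day (UTC) is inside the window.

```powershell
# Added example: flag syscoin-qt.exe copies whose timestamps fall inside the
# window given in the article (June 9th, 2018 10:14 PM UTC to June 13th, 2018).
# Assumption: no end time is stated, so all of June 13th (UTC) is included.
$WindowStart = [datetime]::new(2018, 6, 9, 22, 14, 0, [System.DateTimeKind]::Utc)
$WindowEnd   = [datetime]::new(2018, 6, 13, 23, 59, 59, [System.DateTimeKind]::Utc)

function Test-InExposureWindow {
    # Hypothetical helper: expects a UTC timestamp.
    param([Parameter(Mandatory)][datetime]$TimestampUtc)
    return ($TimestampUtc -ge $WindowStart) -and ($TimestampUtc -le $WindowEnd)
}

function Get-SyscoinClientReport {
    # Hypothetical helper: checks the per-user install path named in the
    # article under every profile directory, not only the current user's.
    param([string]$UsersRoot = 'C:\Users')

    $profiles = Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue
    foreach ($p in $profiles) {
        $exe = Join-Path $p.FullName 'AppData\Roaming\SyscoinCore\syscoin-qt.exe'
        if (-not (Test-Path -LiteralPath $exe)) { continue }

        $item = Get-Item -LiteralPath $exe -Force
        # Informational only: the article does not say whether official
        # builds carry an Authenticode signature.
        $sig = Get-AuthenticodeSignature -LiteralPath $exe

        [pscustomobject]@{
            Path            = $exe
            ModifiedUtc     = $item.LastWriteTimeUtc
            CreatedUtc      = $item.CreationTimeUtc
            # Either timestamp inside the window is treated as exposure.
            InWindow        = (Test-InExposureWindow $item.LastWriteTimeUtc) -or
                              (Test-InExposureWindow $item.CreationTimeUtc)
            SignatureStatus = $sig.Status
        }
    }
}

Get-SyscoinClientReport | Format-Table -AutoSize
```

Any row with `InWindow` set to `True` should be handled with the precautions listed above; file timestamps can be altered, so a `False` result does not prove the client is clean.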
Users who downloaded the Syscoin client between the above-mentioned dates should remove the client completely and reinstall it. There are some guides on how to remove this malware, but to be on the safe side it is preferable to wipe the OS and reinstall it.
The Syscoin team has apologized for its developer's mistake and said that it wants its developers to enable 2FA and perform routine file signature checks.