Javascript Library Poisoned with Malicious Software Allowing Hacker to Steal BTC

One renowned JavaScript library's current administrator lately poisoned certain open-source code, which was kept inside the library, with rogue software that could let a hacker take out Bitcoin from digital wallets such as Copay and Bitpay. Taking advantage of this, an attacker inserted malware onto Bitpay and Copay applications of editions 5.0.2 to 5.1.0. Bitpay has recommended its end-users for updating the app for acquiring the more fresh editions 5.2.0 and the subsequent ones that don't have the dangerous malware.

Github recently hosted a conversation according to which, the attack took place some three months back. At that time the actual minder of the malware who calls himself "dominictarr" on the Web transferred the program's control onto somebody who calls himself "right9ctrl." This second owner of the malware thereafter released one fresh code namely Event-Stream 3.3.6 which carried the malware. Many users of Github came to know that dominictarr made the move because he didn't have the time for maintaining the malware. Www.scmagazine.com posted this online dated November 28, 2018.

A report from Arstechnica reveals that right9ctrl injected the malware via two separate phases inside Event-Stream. During the initial phase, the attacker released the third edition, 8th September. This edition carried one module known as flatmap-steam which during the subsequent phase on 5th October was made up-to-date for carrying with it the malware crafted for capturing end-users' wallet details comprising their personal keys while transmitting them onto one remote server situated inside Kuala Lumpur.

Bugcrowd chief technology officer Casey Ellis said that right9ctrl managed working the hack via submission into the project, developing end-users' faith in the ruse and thereafter acquiring control. This attack's chief success is credited to modern software programs. The sole manner for overcoming this is by exercising intense and constant security testing.

Juniper Threat Labs' head Mounir Hahad disclosed the only good news i.e. there had occurred an extremely small number of single digit trials for linking up with the C&C server of the attacker backing support for copayapi[.]host that possibly augured well via suggesting that beyond a handful of individuals, not many had gotten impacted.

» SPAMfighter News - 12/3/2018