Password and credit card-stealing Azorult malware adds new tricks

By: Danny Palmer

Skull of death symbol on the screen of smartphone on laptop computer. There is data flowing background. Selective focus on screen of the phone.

Malware can now steal more types of cryptocurrecny and comes with other updates, likely in response to a free version being leaked online.

A form of password, credit card details and cryptocurrency-stealing malware has been updated, making it even more potent for cyber criminals.

The Azorult malware has been been operating since 2016 and enables crooks to steal credentials including passwords, credit card details, browser histories and contents of cryptocurrency wallets from victims.

Now a new version of it is being advertised in an underground forum, as uncovered by researchers at tech security company Check Point, who describe it as “substantially updated”.

New features include the ability to steal additional forms of crpytocurrency from the wallets of victims – BitcoinGold, electrumG, btcprivate (electrum-btcp), bitcore and Exodus Eden.

Reflecting the fast pace of malware development, the developer of Azorult also boats improvements to the cryptocurrency wallet stealer components and improvements to the loader.

Researchers also note some behind-the-scenes changes compared to previous versions of the malware, including a new encryption method to obfuscate the domain name, as well as a new key for connecting to the command and control server.

More: https://www.zdnet.com/article/password-and-credit-card-stealing-azorult-malware-adds-new-tricks/

John McAfee’s Bitfi cryptocurrency wallet was hacked by a security duo

By: Pierluigi Paganini

A security duo composed of Saleem Rashid and Ryan Castellucci demonstrated that it is possible to hack the John McAfee’s Bitfi cryptocurrency wallet.

Today let’s discuss John McAfee’s cryptocurrency wallet, the Bitfi wallet, defined by the popular cyber security expert “unhackable.”

Unfortunately, nothing is unhackable, and the Bitfi wallet was already hacked two times.

The Bitfi wallet is an Android-powered hardware device for storing cryptocurrencies and crypto assets.

A team of security researchers called THCMKACGASSCO devised a new attack that could allow them to steal all the stored funds from an unmodified Bitfi wallet.

The wallet relies on a user-generated secret phrase and a “salt” value to cryptographically scramble the secret phrase. The experts who devised the attack explained that the secret phrase and salt can be obtained allowing the attackers to generate the private keys and stole the funds.

“The Android-powered $120 wallet relies on a user-generated secret phrase and a “salt” value — like a phone number — to cryptographically scramble the secret phrase. The idea is that the two unique values ensure that your funds remain secure.” reported Techcrunch.com.

“But the researchers say that the secret phrase and salt can be extracted, allowing private keys to be generated and the funds stolen”

The security duo composed of Saleem Rashid and Ryan Castellucci, members of a the THCMKACGASSCO, developed the exploits for the attack and published a video PoC for the hack. In the video PoC is shown that setting a secret phrase and salt, and running a local exploit, it is possible to extract the keys from the device.

The video shows the attack can take less than two minutes to be executed.

More: https://securityaffairs.co/wordpress/75821/hacking/bitfi-wallet-hacked.html

This Secure Phone Has a Built-In Cryptocurrency Wallet

By: Rob Marvin

Encrypted device maker Sikur’s new secure smartphone sports a native cryptocurrency wallet. Should you trust it?

BARCELONA—Smartphone makers will never stop trying to one-up each other on security features, so I suppose it was only a matter of time before one capitalized on the cryptocurrency boom and built an encrypted wallet app right into the phone.

Brazilian security software and encrypted device maker Sikur announced its new secure SikurPhone here at Mobile World Congress, which includes a built-in cryptocurrency wallet called SikurWallet. It can track token prices, create multiple wallets for different cryptocurrencies, and sync with exchange platforms such as Coinbase.

Sikur is all about security, and the cryptocurrency wallet is among many encrypted features on the device, including end-to-end encrypted messaging and chats, browsing, and voice and video calls. The SikurPhone is an evolution of the company’s Granite smartphone released in 2015, upgraded with a new user interface. Specs-wise, the SikurPhone has a 5.5-inch display, 4GB of RAM, 64GB of storage, a 13MP rear and 5MP front camera, and a 2800mAh battery.

Sikur launched a bug bounty program through HackerOne to see if the SikurPhone could be hacked. Two months later, the platform’s global collective of hackers hasn’t cracked the phone, nor stolen any cryptocurrency from the wallet apps. The company said it’s establishing a permanent program with HackerOne to continue testing new versions of the software.

SikurPhone is available for pre-order starting at $799; the first units are expected in August. Take a closer look at the SikurPhone and its built-in cryptocurrency wallet below.

More: https://www.pcmag.com/feature/359530/this-secure-phone-has-a-built-in-cryptocurrency-wallet/9

Encrypted SIKURPhone protects data and cryptocurrency

By: Rob LeFebvre

The security-focused Granite Phone captured the interest of even non-corporate customers when it came out in 2015. Now the folks at Sikur are back with a next-generation , promising the first fully encrypted, hack-proof smartphone that can safely store cryptocurrencies. Only 20,000 units will be available for presale beginning February 27th at a promotional price of $799. The company expects to deliver them in August of this year.

The phone itself has a 5.5-inch “full HD” Gorilla Glass display, 4GB of RAM, 64GB of storage, a 13MP rear and 5MP front camera and sports a 2800 mAh battery. SIKURPhone also sports fingerprint authentication, which the company claims can help recover personal data if the device gets lost or you forget your password. It runs a fork of Android, and any third-party apps must be vetted and confirmed by the company before they’re available in an upcoming app store.

When the original Granite Phone came out, it was essentially for security-conscious governmental and corporate users, but the device found a pretty strong foothold with everyday consumers. SIKURPhone adds a secure cryptocurrency wallet along with its secure OS, communication systems and third-party apps. “Securely storing information on our devices is one of our strong points,” said CEO Cristiano Iop. “We succeeded with browser and messaging security. Then we asked, why not do it with ? Cryptos are stored seamlessly and securely on our cloud, without compromising safety.”

MORE: https://www.engadget.com/2018/02/27/sikurphone-encrypted-data-cryptocurrency-pre-order/

SikurPhone packs built-in ‘hack-proof’ cryptocurrency wallet.

By: Katie Collins

If you’ve recently amassed a cryptocurrency fortune and need a secure phone to manage it, look no further than the SikurPhone.

Are you paranoid about security and sitting on a cryptocurrency fortune?

Brazilian company Sikur unveiled a phone with a built-in cryptocurrency wallet at Mobile World Congress in Barcelona on Tuesday that might be just right for you.

The SikurPhone is the successor to Sikur’s GranitePhone, which it launched two years ago at the show. It offers the same supposedly “impenetrable security”, but with an updated interface and the ability to seamlessly store cryptos on Sikur’s secure cloud.

“Securely storing information on our devices is one of our strong points,” said Sikur SEO Cristiano Iop in a statement. “We succeeded with browser and messaging security. Then we asked, why not do it with cryptocurrency?”

Sikur claims its fully encrypted phone is “hack proof”, which feels like it’s just asking all hackers out there to prove it wrong.

To save them the trouble, Sikur challenged bug bounty company HackerOne to test the phone’s impenetrability over a two-month period. After putting the SikurPhone through rigorous testing, HackerOne told Sikur it hadn’t succeeded in cracking the device’s security.

More: https://www.cnet.com/news/sikurphone-packs-built-in-hack-proof-cryptocurrency-wallet-mwc-2018/