Electrum Bitcoin wallets have been under attack since last December, and the ongoing campaign has grown: the attackers are now targeting the wallet's entire server infrastructure with a botnet of more than 152,000 infected machines. The funds stolen from users so far amount to about USD 4.6 million.
The attackers carried out the campaign by exploiting a weakness in the Electrum infrastructure to trick wallet users into downloading malicious versions of the software.
In short, they added malicious servers to the Electrum server network. These servers were built to return an error message to legitimate Electrum wallet clients urging them to download a software "update" from an unofficial GitHub repository; older clients displayed the server-supplied message as it arrived, so the fake download looked like an official prompt.
With this phishing technique the criminals stole almost 250 Bitcoins, worth about $937,000 at the time, and took control of the infected systems.
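The mechanism described above, as an added example that is not part of the original article and is not Electrum's own code: a constructed server error reply in the JSON-RPC shape the Electrum protocol uses, the vulnerable handling that turns it into a clickable prompt, and a hardened handler that treats the server's text as untrusted data. The repository URL in the reply is made up for this example, and the allow-list of trusted download hosts is an assumption (a wallet client should really not take download instructions from a server at all).

```python
"""Added example (not Electrum's own code): how a malicious server's error
reply becomes a phishing prompt, and how a hardened client should treat it."""
import html
import json
import re
from urllib.parse import urlparse

# The only hosts this example accepts as a download source. Assumption for
# this example; a real client should not act on server-supplied download links.
TRUSTED_DOWNLOAD_HOSTS = {"electrum.org", "www.electrum.org"}

# Constructed reply in the JSON-RPC shape the Electrum protocol uses; the
# repository URL is made up for this example, not the one used in the attack.
MALICIOUS_REPLY = json.dumps({
    "jsonrpc": "2.0",
    "id": 7,
    "error": {
        "code": 1,
        "message": (
            "Your version of Electrum is outdated. Please upgrade: "
            '<a href="https://github.com/attacker-controlled/electrum/releases">'
            "https://github.com/attacker-controlled/electrum/releases</a>"
        ),
    },
})

# Constructed benign reply: an ordinary transaction-broadcast rejection.
BENIGN_REPLY = json.dumps({
    "jsonrpc": "2.0",
    "id": 8,
    "error": {"code": 1, "message": "transaction rejected: dust output"},
})

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def extract_urls(text):
    """Return the distinct URLs in text, in order of first appearance."""
    return list(dict.fromkeys(URL_RE.findall(text)))


def untrusted_urls(text):
    """URLs in text whose host is not on the download allow-list."""
    return [u for u in extract_urls(text)
            if urlparse(u).hostname not in TRUSTED_DOWNLOAD_HOSTS]


def render_error_vulnerable(raw_reply):
    """The weak behaviour: hand the server's text straight to a rich-text
    message box, so the <a> tag becomes a clickable link in the wallet UI."""
    return json.loads(raw_reply)["error"]["message"]


def render_error_hardened(raw_reply, max_len=200):
    """Treat the server's text as untrusted data: truncate it, escape any
    markup so it is shown as plain text, and report links that point
    anywhere other than the official site.

    Returns (display_text, suspicious_urls)."""
    message = json.loads(raw_reply)["error"]["message"]
    suspicious = untrusted_urls(message)
    display = html.escape(message[:max_len])
    return display, suspicious


def is_phishing_prompt(raw_reply):
    """True when a server error tries to send the user somewhere to download."""
    return bool(untrusted_urls(json.loads(raw_reply)["error"]["message"]))


if __name__ == "__main__":
    print("vulnerable:", render_error_vulnerable(MALICIOUS_REPLY))
    text, bad = render_error_hardened(MALICIOUS_REPLY)
    print("hardened:", text)
    print("suspicious links:", bad)
```

The vulnerable path returns the markup untouched, which is all it takes for a message box that renders rich text to show a working link; the hardened path escapes the message so the tag is visible as literal text, and separately reports any link whose host is not the official site so the client can log or warn rather than invite a click. A server is just another network peer: nothing it sends should reach the user as instructions, only as data.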
The Electrum developers then turned the same technique against the attackers, pushing a message through the server network urging users to upgrade to the latest patched version of the wallet app. According to a tweet by the developers, Electrum clients older than 3.3 can no longer connect to public Electrum servers.
In response, the attackers began DDoSing the legitimate Electrum servers so that older clients, unable to reach the overwhelmed legitimate nodes, would fall back to connecting to the malicious ones.
Malwarebytes Labs' research team reports that the number of infected machines taking part in the DDoS has reached 152,000.
The attackers behind these campaigns are distributing the botnet malware, dubbed "ElectrumDoSMiner", primarily via the RIG exploit kit, Smoke Loader and a new, previously undocumented loader called BeamWinHTTP.
The researchers state that the largest concentrations of Electrum DDoS bots are in the Asia-Pacific region, Brazil and Peru, and that the botnet is still growing.
Updated versions of Electrum are not vulnerable to the phishing messages, so users are advised to update their wallet to the latest version (3.3.4), downloaded only from the official electrum.org site.
Electrum users are also advised to disable the auto-connect feature and select their server manually, so that the client is not steered to a malicious node while the legitimate servers are under DDoS.