Week 40, 2019

Algo | ENS | Cosmos | MakerDAO | EOS | MasterMana

Never a dull week in blockchain security! Algo Capital loses $2 million after its CTO's phone gets hacked. The train wreck that is FairWin has come to its expected end, with the contract now sitting empty. High-severity vulnerabilities were reported in the Cosmos Tendermint protocol and in multiple popular Ethereum smart contracts. A number of great security tools and research articles were also published this week, including the long-awaited Smart Contract Security Verification Standard.

Hacks

Crime

Vulnerabilities

Research

Malware

  • The MasterMana Botnet: Anatomy of the $160 Dollar Hack - a detailed report on the malware and the actor behind the MasterMana botnet. The actor (likely related to the Gorgon Group) was harvesting users' credentials as well as cryptocurrency wallets using the commodity malware AZORult and Revenge RAT, both readily available on Russian forums.

    Indicators:
    hxxp://216[.]170[.]126[.]146/2ky/index.php
    hxxp://216[.]170[.]126[.]146/ahsan/index.php
    hxxp://23[.]249[.]163[.]135/index.php
    hxxp://speeddfox[.]duckdns[.]org
    hxxp://rgalldmn[.]duckdns[.]org

    See article for additional indicators.

  • Casbaneiro: Dangerous cooking with a secret ingredient - a malware analysis of a banking trojan targeting various financial and cryptocurrency organizations in Latin America. The malware provides traditional backdoor functionality as well as additional modules used to steal user credentials, send emails, and replace cryptocurrency addresses in the clipboard.

    Indicators:

    hostsize.sytes[.]net:7880
    agosto2019.servepics[.]com:2456
    noturnis.zapto[.]org
    4d9p5678.myvnc[.]com
    seradessavez.ddns[.]net:14875


    Bitcoin Wallet: 18sn7w8ktbBNgsX8LeeeLMqKS84xMG54si

Tools

  • Brownie: Evaluating Solidity Code Coverage via Opcode Tracing - a new framework for Ethereum smart contract testing through code coverage analysis.

  • VeriMan Project - a new analysis tool for Solidity smart contracts. It helps instrument VeriSol, Manticore, and optionally Echidna to effectively discover vulnerabilities through counterexample discovery and smart contract fuzzing. You can download the tool source here.

That’s all for this week in blockchain threat intelligence. I hope you enjoyed this issue and feel free to join /r/BlockSec for more regular news updates.

