New malware have been discovered in the cryptocurrency world. Based from a blog post by Radware, reports about a discovery by cybersecurity researchers. Cybercriminals are able to abuse a Chrome plugin named “Nigelify” with a malware code in order to steal personal information and secretly mine cryptocurrency.
The Chrome extension is able to bypass Google’s extension validation checks by creating copies of genuine extensions and insert the short malware script. According to the post, the group behind this malware campaign may have been active since March of 2018.
The researchers believe that the malware may infected over 100,000 different machines in over 100 countries. Three countries that were mostly affected were Venezuela, Ecuador and Philippines.
They also think that this malware was able to mine cryptocurrencies like Electroneum, Monero, and Bytecoin through which an algorithm called “CryptoNight”. This malware was already able to mine $1000 worth of cryptocurrencies, mostly Monero within the span of six days.
As a solution, here are some tips on how you can defend yourself from this new malware:
Research on Cryptocurrency
It takes skill and personal responsibility to secure your digital money. You don’t want to wake up one day and find that someone hacked your machine and took off with $10,000 of your hard-earned money.
Cryptocurrencies are decentralized and that’s awesome. But since there are no governing bodies for cryptocurrencies, there is nobody to call to get your money back. You can’t dispute the transaction. There’s nobody to reset your password if you forget it. If someone rips off your Bitcoin, they’re gone. It’s up to you to keep them safe. So be truthfully honest with yourself.
Have a good backup
Hardware and software are replaceable. Your data is not. Once it’s gone, it’s gone. Get yourself an external hard drive or two. Never back up to just one external disk and consider it done. But the most critical step is an offsite backup. Of course, if you’re carrying one of these USB sticks around, they have a habit of going missing. For that reason, you might want to consider an online backup to the cloud.
Encrypt your data
If you’re storing sensitive data, you’d better encrypt it. It is recommended to make several encrypted file containers for wallet backups and passwords.
Minimize your mobile wallets
Mobile wallets like Coinomi and Jaxx are great for having a little spending cash with you at all times. However, under no circumstances should you carry a lot of crypto on a smartphone. Carry only a very small amount of cash. If you lose your phone or your phone is compromised your funds are gone forever.
Have a legit anti-virus
You don’t get to grab some freeware anti-virus and consider yourself protected. Free antiviruses offer limited protection and are often given away as a marketing gimmick. For full protection, get a licensed copy. An Anti-virus software requires constant updates and a dedicated team of professionals behind it to deliver those updates. Those teams cost money. Since the bad guys never sleep, so must your anti-virus protection work around the clock as well. You cannot afford to settle for free.
Use two-factor authentication
Finally, if you’re trading on the exchanges, you absolutely must enable two-factor authentication. Usually that means adding software to your smartphone, like Google Authenticator or Authy. Each site is a little different to set up, but not much.
While no method is entirely free from threat, storing coins offline drastically reduces the chances of losing your investment through digital means, exchange compromise, exchange insolvency, ransomware attacks, other cybercriminal operations. It is still as important as ever to remain vigilant of real-world threats such as loss, theft, or damage of private keys. Always protect your private keys, and ensure to replace them immediately if there is any indication that their privacy may have become compromised.