Thursday, 03 August 2017 20:32 Written by
Published in Cyber security

Cyber Security Threats: “Don't you be the next easy target”

Part 5

In this blog post, I examine some common types of data-stealing malware, attempted cyberattacks on Apple Mac OS and cyberattacks on cryptocurrencies.

Information-stealing malware: iOS and OSX malware

Phone numbers, email addresses and other contact details are valuable information for malware writers. Many malicious or potentially unwanted applications (PUAs) attempt to collect this data from infected devices and send it to attackers. Apart from sending SMS messages inviting users to install malicious apps, some attackers also spread them through Twitter and WhatsApp messages. In Japan, the group behind the Godwon Infostealer malware collected contact details and then attempted to extort users who had shared compromising photos and videos with the attackers.

iOS malware

Due to the popularity of Apple’s iPhone platform (iOS), researchers have stepped up their investigation of the platform’s security. Prior to 2015 there had been no successful malware attacks on Apple’s App Store, but in 2015 several malware penetrations of the App Store were noted. In September 2015, information-stealing malware known as XcodeGhost appeared as a consequence of an attacker’s modification of Apple’s Xcode programming environment, which was shared among developers in China. This resulted in the reported removal of several hundred apps, many of them from reputable companies and iOS app developers.

iPhones and iPads that have been “jailbroken” are more susceptible to malware. Jailbreaking unlocks the device so that its owner can install unofficial or unauthorized apps. Around the time XcodeGhost intruded into Apple’s App Store, two other families targeting third-party app stores for jailbroken phones became prevalent: YiSpecter (malware that uses private Application Programming Interfaces (APIs) to perform malicious actions) and KeyRaider (malware that steals Apple account usernames and passwords by intercepting iTunes traffic on the device). Interestingly, all major iOS malware families have targeted Chinese and Taiwanese users.

Although the total number of iOS malicious apps is relatively low compared to other malware platforms, a recorded growth of 235% in iOS malware during the last year indicates that it should be closely monitored in 2017.

OSX malware

As with iOS, there have been relatively few examples of malware created specifically for Apple’s Mac OS X. Perhaps the most interesting examples are Bitcoin stealers such as CoinThief and Bitcoin-mining malware, which uses a computer’s resources to mine Bitcoins for the benefit of the attacker.

An estimated 99% of all newly discovered threats on the Mac OSX belong to the category of potentially unwanted applications (PUAs). They are usually installed in a bundle along with useful, solicited applications. Once installed, PUAs may download and install additional components or display advertisements through browser plugins such as VSearch. The most commonly encountered OSX PUA is known as Macnist, which encompasses several downloader families.

Although Gatekeeper, the malware protection module built into OS X, improves with every new release, this year has seen several successful attacks designed to bypass it.

In April 2017, the new OSX.Dok malware was discovered. OSX.Dok uses sophisticated means to monitor and potentially alter HTTP and HTTPS traffic to and from the infected Mac. It attempts to capture account credentials for users logging into websites, which then allows potential theft of cash and data. In addition, the intercepted traffic being sent and received can be modified to redirect users to malicious websites in place of legitimate ones.

Bitcoin Blockchain and malware

The blockchain is a distributed database that maintains a continuously growing list of records called blocks, secured from tampering and revision. Each block contains a timestamp and a link to a previous block.

The blockchain is the technology that underlies the Bitcoin cryptocurrency, serving as the public ledger for all transactions. It was conceived in 2008 and first implemented in 2009. A user can connect to the network, send new transactions to it, verify transactions and take part in the competition to create new blocks; this competition is known as mining. A blockchain consists of blocks that hold batches of valid transactions. Each block includes the hash of the prior block in the blockchain, linking the two, and the linked blocks form a chain.

In addition to a secure hash-based history, a blockchain database has a specified algorithm for scoring different versions of the history, so that the one with the higher value can be selected over the others. Peers supporting the database do not all hold exactly the same version of the history at any one time; rather, each keeps the highest-scoring version it currently knows. Whenever a peer receives a higher-scoring version (usually its current version with a single new block added), it extends or overwrites its own database and retransmits the improvement to its peers. There is never an absolute guarantee that any particular entry will remain in the best version of the history forever, but because blockchains are typically built to add the score of new blocks onto old blocks, and there are incentives to work only on extending the chain with new blocks rather than overwriting old ones, the probability of an entry being superseded goes down as more blocks are built on top of it. Blockchains may be integrated into many areas; examples include payment systems and digital currencies, crowd sales, prediction markets and generic governance tools.
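The two mechanisms described above, hash links between blocks and a scoring rule that peers use to pick the best history, can be shown in a few dozen lines. The following is an added example written for this post, not code from Bitcoin or any other project: the block layout, the transaction format, the "cumulative work" scoring rule and the sample transactions are all assumptions chosen for illustration. It demonstrates why editing a buried record breaks every later link, and how a peer decides between its own chain and one it receives.

```python
"""Toy hash-chained ledger with highest-score chain selection (added example)."""
import hashlib
import json
import time
from dataclasses import dataclass
from typing import List, Tuple

GENESIS_PREV = "0" * 64   # the first block has no predecessor to link to


@dataclass
class Block:
    index: int
    timestamp: float
    transactions: List[dict]   # batch of transactions (assumed already validated)
    prev_hash: str             # hash of the previous block: the link in the chain
    work: int = 1              # assumed score contributed by this block

    def hash(self) -> str:
        # The hash covers every field, so changing any of them changes the link.
        payload = json.dumps(
            [self.index, self.timestamp, self.transactions, self.prev_hash, self.work],
            sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(payload.encode()).hexdigest()


def make_genesis() -> Block:
    return Block(0, 0.0, [], GENESIS_PREV)


def append_block(chain: List[Block], txs: List[dict], work: int = 1) -> Block:
    """Extend the chain with a block that links to the current tip."""
    tip = chain[-1]
    blk = Block(tip.index + 1, time.time(), txs, tip.hash(), work)
    chain.append(blk)
    return blk


def verify_chain(chain: List[Block]) -> bool:
    """Walk the chain and confirm every prev_hash link still holds."""
    if not chain or chain[0].index != 0 or chain[0].prev_hash != GENESIS_PREV:
        return False
    for prev, cur in zip(chain, chain[1:]):
        if cur.index != prev.index + 1 or cur.prev_hash != prev.hash():
            return False
    return True


def score(chain: List[Block]) -> int:
    """Scoring rule (assumed): the cumulative work of all blocks."""
    return sum(b.work for b in chain)


def choose_chain(local: List[Block], received: List[Block]) -> List[Block]:
    """Peer rule from the text: adopt a received history only if it verifies
    and scores higher than the one already held."""
    if verify_chain(received) and score(received) > score(local):
        return received
    return local


def tamper_demo() -> Tuple[bool, bool]:
    """Rewrite a buried transaction and show that the chain no longer verifies."""
    chain = [make_genesis()]
    append_block(chain, [{"from": "alice", "to": "bob", "amount": 5}])
    append_block(chain, [{"from": "bob", "to": "carol", "amount": 2}])
    ok_before = verify_chain(chain)
    chain[1].transactions[0]["amount"] = 500   # edit history in place
    ok_after = verify_chain(chain)             # block 2's link now dangles
    return ok_before, ok_after


def fork_demo() -> int:
    """Two peers extend the same history; the higher-scoring valid fork wins."""
    base = [make_genesis()]
    append_block(base, [{"from": "alice", "to": "bob", "amount": 1}])
    local = list(base)
    append_block(local, [{"from": "bob", "to": "dan", "amount": 1}])
    rival = list(base)
    append_block(rival, [{"from": "alice", "to": "erin", "amount": 1}])
    append_block(rival, [{"from": "erin", "to": "frank", "amount": 1}])
    return len(choose_chain(local, rival))


if __name__ == "__main__":
    print("verify before/after tampering:", tamper_demo())   # (True, False)
    print("blocks in the adopted chain:", fork_demo())        # 4
```

The tamper check is the point of the hash link: the edited block still looks internally consistent, but the block after it recorded the old hash, so verification fails at that link and at every block built on top of it. In choose_chain the verification step comes before the score comparison, which is what stops a peer from adopting a high-scoring but forged history.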

Major applications of blockchain include cryptocurrencies such as Bitcoin, BlackCoin, Dash, Nxt and Ripple, and blockchain platforms such as Factom (a distributed registry), Gems (decentralized messaging), MaidSafe (decentralized applications), Storj (a distributed cloud) and Tezos (decentralized voting).

The Harvard Business Review conducted a two-year research project exploring how blockchain technology can securely move and store "money, titles, deeds, music, art, scientific discoveries, intellectual property, and even votes". As of 2016, some parts of the financial industry are implementing distributed ledgers for use in banking.


Cryptocurrency is a medium of exchange that uses cryptography to regulate and secure transactions and to control the creation of additional units of the currency. Cryptocurrencies are a subset of alternative currencies, and specifically of digital currencies.

Bitcoin became the first decentralized cryptocurrency in 2009. Since then, numerous other cryptocurrencies have been created; these are often called altcoins, a blend of “Bitcoin” and “alternative”.

Cryptocurrencies use decentralized control as opposed to centralized electronic money/centralized banking systems. The decentralized control is related to the use of Bitcoin's blockchain transaction database in the role of a distributed ledger.

“Cryptocurrency” Cyberattacks (abstract)

Following are several examples of cyberattacks on cryptocurrency platforms which illustrate the dangers they face.

  1. The Decentralized Autonomous Organization (DAO) has admitted being the victim of a cyberattack in which an attacker was able to drain the platform of the cryptocurrency Ether.

Founded in 2014, the crowdsourced company offers a blockchain app platform used to fund various projects through virtual currency.

The DAO's decentralized platform runs smart contracts and uses isolated servers in an attempt to reduce the "possibility of downtime, censorship, fraud or third party interference," but the cyberattack is likely to raise the same security worries about virtual currency that Mt. Gox and various other cryptocurrency platforms prompted.

Vitalik Buterin, co-founder of Ethereum, said in a statement that the cyber attack was found while the attacker was draining the DAO of funds, and asked that users stop trading temporarily.

Buterin said: "The attack is a recursive calling vulnerability, where an attacker called the 'split' function, and then calls the split function recursively inside of the split, thereby collecting Ether many times over in a single transaction."

Trading has now resumed and DAO has proposed a software fix which will stop the cyber attacker withdrawing funds after a 27-day window, giving the project time to mull over its options and ways to try and recover investor funds.

The DAO has not revealed how much Ether was stolen during the hack. However, the New York Times reports it could be up to $50 million. Buterin emphasised that the vulnerability affects the DAO specifically and that "Ethereum itself is perfectly safe," but this hasn't stopped faith in the cryptocurrency being shaken. At the time of writing, the price of Ether has plunged by roughly 11 percent and 1 ETH is now worth $11.29. Over the last few days, the DAO has crowdsourced a number of bugs and security flaws, which need to be addressed to keep investor funds safe from future attacks:

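The "recursive calling" flaw Buterin describes is easier to see in a small model than in a real contract. The following is an added example, not the DAO's or Ethereum's code: a Python vault (an assumption standing in for a split/withdraw contract) pays out a balance by handing control to the recipient, exactly as an Ethereum transfer hands control to the receiving contract. The unsafe ordering pays first and records the withdrawal afterwards, so a recipient that calls withdraw again from inside the payment still sees its old balance; the safe ordering (the checks-effects-interactions pattern) records the withdrawal before paying, so the re-entrant call finds nothing to pay. The deposit amounts and the rule that the re-entering account stops when the pool runs low are constructed for the demonstration; a real attack is bounded by gas instead.

```python
"""Re-entrancy in a toy vault: vulnerable ordering beside the fixed ordering.
Added example; the vault, the on_receive hook and the amounts are assumptions."""


class Vault:
    """Holds deposits for many accounts and pays them out on request.
    safe=False pays before updating the balance (the vulnerable ordering);
    safe=True updates the balance first (checks-effects-interactions)."""

    def __init__(self, safe: bool):
        self.safe = safe
        self.balances = {}   # account name -> amount credited to it
        self.pool = 0        # funds the vault actually holds

    def deposit(self, name: str, amount: int) -> None:
        self.balances[name] = self.balances.get(name, 0) + amount
        self.pool += amount

    def withdraw(self, account) -> None:
        """Pay out the account's full balance. Paying hands control to the
        recipient, which is the moment a malicious recipient can re-enter."""
        amount = self.balances.get(account.name, 0)
        if amount == 0:
            return
        if self.safe:
            # Record the withdrawal *before* paying: a re-entrant call now
            # sees a zero balance and returns without doing anything.
            self.balances[account.name] = 0
            self._pay(account, amount)
        else:
            # Vulnerable ordering: pay first, update the balance afterwards.
            self._pay(account, amount)
            self.balances[account.name] = 0

    def _pay(self, account, amount: int) -> None:
        if amount > self.pool:
            raise RuntimeError("vault is out of funds")
        self.pool -= amount
        account.on_receive(self, amount)   # control passes to the recipient


class HonestAccount:
    def __init__(self, name: str):
        self.name = name
        self.received = 0

    def on_receive(self, vault: Vault, amount: int) -> None:
        self.received += amount


class ReenteringAccount(HonestAccount):
    """Models a recipient whose receive hook calls withdraw again while the
    vault still shows its pre-withdrawal balance. It stops when the pool can
    no longer cover another payout (constructed bound for the demo)."""

    def on_receive(self, vault: Vault, amount: int) -> None:
        self.received += amount
        if vault.pool >= amount:
            vault.withdraw(self)


def run(safe: bool) -> dict:
    """Constructed scenario: 90 units from an honest depositor, 10 from the
    re-entering one; the re-entering account withdraws once, then the honest
    depositor tries to withdraw."""
    vault = Vault(safe)
    honest = HonestAccount("honest")
    reenterer = ReenteringAccount("reenterer")
    vault.deposit(honest.name, 90)
    vault.deposit(reenterer.name, 10)
    vault.withdraw(reenterer)
    result = {
        "reenterer_got": reenterer.received,
        "pool_left": vault.pool,
        "honest_credit": vault.balances[honest.name],
    }
    try:
        vault.withdraw(honest)
        result["honest_paid"] = True
    except RuntimeError:
        result["honest_paid"] = False   # still credited, but the vault is empty
    return result


if __name__ == "__main__":
    print("vulnerable:", run(safe=False))   # reenterer_got 100, pool_left 0
    print("fixed:     ", run(safe=True))    # reenterer_got 10, pool_left 90
```

With the vulnerable ordering the single call to withdraw nests ten payments deep and empties the pool, while the ledger still credits the honest depositor with 90 that can no longer be paid. With the fixed ordering the nested call returns immediately, so the one change that matters is moving the balance update ahead of the external call; in practice contracts also add a re-entrancy guard, but the ordering alone closes the hole shown here.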

  2. The price of Bitcoin has plummeted once more after a major digital currency exchange in Hong Kong admitted that over $72 million worth of the cryptocurrency might have been stolen following a cyberattack on the company’s systems.

Hong Kong-based exchange Bitfinex halted trading after discovering a “security breach” that resulted in “some” of its clients losing their bitcoins. While the company did not announce the scale of the attack, some estimates show up to 120,000 BTC have been moved out of users’ online wallets, which equals roughly $65 million at current prices.

“We are investigating the breach to determine what happened, but we know that some of our users have had their bitcoins stolen,” the company said. Having also halted all withdrawals and deposits, the company said it is now working with the authorities to investigate the matter.

“We will look at various options to address customer losses later in the investigation. While we are halting all operations at this time, we can confirm that the breach was limited to Bitcoin wallets; the other digital tokens traded on Bitfinex are unaffected,” Bitfinex said in a statement:


Dr. Oleksandr Kyselevskyi

Dr. Oleksandr Kyselevskyi is one of the founders, Acting Managing Partner, Member of Supervisory Board and Chief Scientific Advisor of the Intecracy Group in Ukraine. He has extensive experience in scientific research in the fields of Applied mathematics, Mathematical modelling; Telecommunications; Complex Systems control, Modelling & optimization; IT Security/Cyber Security; Cryptography and its applications (including technology of full information cryptographic protection).





© 2016 Intecracy International Limited
