Malicious WordPress plugin can secretly mine crypto

Cybercriminals are now targeting WordPress websites using malicious plugins to plant cryptojacking malware. According to a new report, the plugins are also being used to give the attackers access to the compromised server. These plugins have been increasing over the past few months, probably as a result of their success.

The report by website security company Sucuri revealed that interest in WordPress plugins by attackers has steadily risen in the past few months. These plugins always appear harmless at first glance, but they are used by the attackers as “a backdoor for the attacker to maintain access to the compromised website environment, even after the initial infection vector has been cleaned up.”

In the past, these plugins have been used for different purposes, including in August this year when Sucuri discovered that they were being used to encrypt blog content.

The blog post stated, “We recently discovered a number of compromised websites containing a plugin called “wpframework”. This plugin is being planted by bad actors to gain and maintain unauthorized access to the site environment.” The plugin contains the following information on its header:

Once a website owner installs the plugin, it first checks whether any functions have been disabled. It then looks for the usual command-execution functions, including system and passthru, which give the attackers the ability to execute commands on the compromised server.

Unlike most backdoors, which focus only on PHP execution, this plugin changes permissions upon downloading and runs a Linux executable binary file, which the researchers identified as a cryptominer.

The report concluded, “What is especially concerning about this particular fake plugin is that it can be easily used to just run just about any code through the eval function. The good news is that monitoring for changes to the active plugins on your website and unauthorized access is a good way to mitigate risk and prevent this from happening.”
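The monitoring the report recommends can be done by comparing the site's `active_plugins` option (a PHP-serialized array in the `wp_options` table) against a saved baseline. The following is an added example, not code from Sucuri or WordPress; the sample rows are constructed, and the file path under the `wpframework` plugin name and the `example-seo` plugin are assumed placeholders.

```python
import re

_INT_KEY = re.compile(rb"i:\d+;")
_STR_HEAD = re.compile(rb's:(\d+):"')


def parse_active_plugins(serialized):
    """Parse the PHP-serialized array WordPress keeps in the active_plugins option.

    Accepts only the shape used for that option: integer keys, string values,
    e.g. a:1:{i:0;s:9:"hello.php";}. String lengths are byte counts.
    """
    data = serialized.encode("utf-8") if isinstance(serialized, str) else serialized
    head = re.match(rb"a:(\d+):\{", data)
    if not head:
        raise ValueError("not a serialized PHP array")
    pos, plugins = head.end(), []
    for _ in range(int(head.group(1))):
        key = _INT_KEY.match(data, pos)
        if not key:
            raise ValueError(f"expected integer key at byte {pos}")
        value = _STR_HEAD.match(data, key.end())
        if not value:
            raise ValueError(f"expected string value at byte {key.end()}")
        start = value.end()
        end = start + int(value.group(1))
        if data[end:end + 2] != b'";':
            raise ValueError(f"string length mismatch at byte {start}")
        plugins.append(data[start:end].decode("utf-8"))
        pos = end + 2
    if data[pos:] != b"}":
        raise ValueError("trailing data after array")
    return plugins


def serialize_plugins(plugins):
    """Build the serialized form (used here only to construct sample rows)."""
    items = "".join(
        f'i:{i};s:{len(p.encode("utf-8"))}:"{p}";' for i, p in enumerate(plugins)
    )
    return f"a:{len(plugins)}:{{{items}}}"


def review_active_plugins(baseline_row, current_row, approved=()):
    """Compare two active_plugins values.

    Returns (unapproved_additions, removals). Additions listed in `approved`
    (for example from a change ticket) are not reported. Removals matter too:
    a deactivated security plugin is also an unexpected change.
    """
    before = set(parse_active_plugins(baseline_row))
    after = set(parse_active_plugins(current_row))
    added = sorted(after - before - set(approved))
    removed = sorted(before - after)
    return added, removed


# Constructed sample rows. "wpframework" is the plugin name from the report;
# the file path inside it is an assumed placeholder, as is "example-seo".
BASELINE_ROW = serialize_plugins(["akismet/akismet.php", "example-seo/example-seo.php"])
CURRENT_ROW = serialize_plugins(["akismet/akismet.php", "wpframework/wpframework.php"])

if __name__ == "__main__":
    added, removed = review_active_plugins(BASELINE_ROW, CURRENT_ROW)
    for plugin in added:
        print("ALERT unapproved plugin activated:", plugin)
    for plugin in removed:
        print("ALERT plugin deactivated:", plugin)
```
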

As CoinGeek recently reported, last week saw the discovery of the first cryptojacking worm known as Graboid as well as the use of WAV files to spread cryptojacking malware.

Malicious code hiding in WAV audio can mine crypto

Security researchers have discovered a new campaign by cybercriminals that’s hiding cryptojacking malware in WAV audio files. This comes just days after the first cryptojacking worm, known as Graboid, was discovered by another group of security experts, indicating just how rapidly the tactics are shifting. In this new campaign, the criminals were reportedly weaving in a loader component for decoding and executing malicious content throughout the file’s audio data.

This new campaign was discovered by Cylance, a California-based subsidiary of BlackBerry that develops antivirus programs. In a blog post, the researchers revealed that some of the WAV files contain code associated with the XMRig Monero CPU miner. Others contained Metasploit code used to establish a reverse shell, effectively giving the attackers unrestricted access to their victim’s machine.

The researchers stated, “Both payloads were discovered in the same environment, suggesting a two-pronged campaign to deploy malware for financial gain and establish remote access within the victim network.”

What makes the attack very difficult to detect is that embedding the malware has no effect on the quality of the files.

“When played, some of the WAV files produced music that had no discernible quality issues or glitches. Others simply generated static (white noise),” the report stated.

Even more significantly, this type of attack shows that cybercriminals can hide malware in any type of file, the researchers noted. The report stated, “These techniques demonstrate that executable content could theoretically be hidden within any file type, provided the attacker does not corrupt the structure and processing of the container format. Adopting this strategy introduces an additional layer of obfuscation because the underlying code is only revealed in memory, making detection more challenging.”

The practice of hiding malware in plain sight isn’t a new concept. However, this marks the first time that audio files have been used to spread crypto mining malware, proving just how popular cryptojacking has become.

The report concluded, “Analysis revealed that the malware authors used a combination of steganography and other encoding techniques to deobfuscate and execute code. These strategies allowed attackers to conceal their executable content, making detection a challenging task.”

As CoinGeek recently reported, security researchers from Palo Alto Networks’ Unit 42 recently discovered a new cryptojacking worm which they named Graboid. Thought to be the first of its kind, the worm uses its hosts to mine Monero while spreading to other systems.

New malware uses Telegram app to replace crypto addresses

Cybercriminals are exploring every method they can to get to your crypto, and the latest malware is proof of the ever-evolving tactics. Known as Masad Stealer, the new malware strain uses the Telegram messaging app to exfiltrate the stolen information. Other than stealing crucial information such as browser passwords, the malware is able to replace crypto addresses from the clipboard with addresses controlled by the attackers.

Masad Stealer was discovered by security researchers from Juniper Labs. In their report, the researchers revealed that the malware is being advertised on black market forums under the name ‘Masad Clipper and Stealer.’ The most basic version of the malware is offered for free, with additional features being charged in tiers, the highest of which goes for $85.

There is at least one website, masadproject.life, dedicated to promoting the malware. The attackers have also established a Telegram group for their clients which already has hundreds of members.

The attackers’ main distribution tactic involves posing as legitimate software or bundling the malware into third-party tools. Some of the popular software products they have targeted include CCleaner, Tradesanta, Iobit, ProxySwitcher and Samsung Galaxy Software Update.

The malware is difficult to notice as it’s small in size, averaging 1.5 MB. Once it’s downloaded, it executes and immediately gets to work, collecting sensitive information from the host. This information includes system information, browser passwords, autofill browser fields, browser cookies, credit card browser data and cryptocurrency wallet addresses.

To ensure that it’s almost always running, the malware creates a scheduled task on the host machine that runs every minute.

It’s with cryptocurrency users that Masad Stealer is most lethal. The malware has been configured to recognize cryptocurrency addresses for over 20 cryptos, from BTC, Ethereum and Zcash to XRP, Dash and Lisk. Once the host copies a crypto address to the clipboard, the malware switches it with an address that belongs to the attackers.

One of the BTC addresses that the attackers have been swapping with has already registered 193 transactions, receiving 0.95 BTC at press time which is worth $7,500.

The report concludes, “Juniper Threat Labs believes that Masad Stealer represents an active and ongoing threat. Command and Control bots are still alive and responding as of this writing, and the malware appears to still be available for purchase on the black market.”

It’s been a hot summer for crypto malware, as CoinGeek reported recently. This year has seen a rebirth in the crypto malware menace, with millions of dollars being stolen in the past few months alone. Some of the most lethal malware campaigns include SkidMap which targeted Linux systems, Panda which is reported to be operated by Chinese hackers, Glupteba which relies on the BTC blockchain for extra resilience and Norman which is able to avoid detection.

Linux malware masks illicit crypto mining with fake network traffic

A new cryptocurrency mining malware targeting Linux systems has demonstrated how complex this type of malware has become. Known as Skidmap, the malware is not only harder to detect, it also gives the attackers unfiltered access to the affected system.

The malware was discovered by security researchers from TrendMicro. In a blog post, the researchers revealed that the malware can set up a secret master password that gives the attackers access to any user account on the system.

The malware installs itself through crontab, a list of tasks scheduled to run at regular intervals, the researchers explained. Upon execution, the malware weakens the affected machine’s security settings. It does this by disabling the Security-Enhanced Linux (SELinux) module, a security module that supports the system’s access control policies.

Skidmap also gives the attackers backdoor access to the affected machine by adding the attacker’s public keys to the list of keys needed for authentication.

Furthermore, it replaces the system’s authentication module known as pam_unix with its own malicious version. This version accepts a specific password set by the attackers for any user on the system, allowing them to log in to any user account at will.

To avoid detection, Skidmap loads several other malicious components onto the affected machines. One of these is a netlink rootkit that fakes the network statistics, specifically traffic involving certain ports and IP addresses. It also fakes CPU-related statistics, making the affected machines appear to be running normally. With high CPU usage being one of the best-known red flags of cryptojacking malware, this is a key strategy for the attackers.
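The three persistent changes described above (SELinux disabled, an extra SSH public key, a replaced pam_unix module) can be checked against a known-good baseline. The following is an added example, not code from the TrendMicro report; it takes a root directory so it can be run against a mounted disk image, since a rootkit can falsify what the live host reports. The file tree and keys are constructed, the pam_unix path is an assumption that varies by distribution, and only the on-disk SELinux config is inspected.

```python
import hashlib
import os
import tempfile

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")        # OpenSSH public key type prefixes
PAM_REL_PATH = "lib64/security/pam_unix.so"  # assumed location; varies by distro


def selinux_mode(root):
    """Return the SELINUX= value from etc/selinux/config under root, or None."""
    try:
        with open(os.path.join(root, "etc/selinux/config"), encoding="utf-8") as fh:
            for line in fh:
                if line.strip().startswith("SELINUX="):
                    return line.strip().split("=", 1)[1].lower()
    except FileNotFoundError:
        pass
    return None


def key_blobs(text):
    """Return the base64 key blob of every entry in authorized_keys content."""
    blobs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # An entry may begin with options; the blob follows the key-type field.
        for i, field in enumerate(fields[:-1]):
            if field.startswith(KEY_TYPES):
                blobs.append(fields[i + 1])
                break
    return blobs


def authorized_keys_files(root):
    """Return authorized_keys paths for root/ and each directory under home/."""
    homes = [os.path.join(root, "root")]
    home_dir = os.path.join(root, "home")
    if os.path.isdir(home_dir):
        homes += [os.path.join(home_dir, u) for u in sorted(os.listdir(home_dir))]
    paths = [os.path.join(h, ".ssh", "authorized_keys") for h in homes]
    return [p for p in paths if os.path.isfile(p)]


def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def triage(root, allowed_blobs, pam_sha256, pam_rel_path=PAM_REL_PATH):
    """Return findings for the SELinux, SSH key and pam_unix changes."""
    findings = []
    mode = selinux_mode(root)
    if mode != "enforcing":
        findings.append(f"selinux: config mode is {mode!r}, expected 'enforcing'")
    for path in authorized_keys_files(root):
        with open(path, encoding="utf-8", errors="replace") as fh:
            unknown = [b for b in key_blobs(fh.read()) if b not in allowed_blobs]
        for blob in unknown:
            rel = os.path.relpath(path, root)
            findings.append(f"ssh: unapproved key {blob[:16]}... in {rel}")
    pam_path = os.path.join(root, pam_rel_path)
    if not os.path.isfile(pam_path):
        findings.append(f"pam: {pam_rel_path} is missing")
    elif sha256_file(pam_path) != pam_sha256:
        findings.append(f"pam: {pam_rel_path} does not match the baseline hash")
    return findings


def build_sample_root(root, tampered):
    """Write a constructed tree; tampered=True applies the three changes."""
    keys = b"ssh-ed25519 AAAAC3constructedAdminKey admin@example\n"
    if tampered:
        keys += b"no-pty ssh-rsa AAAAB3constructedUnknownKey x\n"
    files = {
        "etc/selinux/config": b"SELINUX=disabled\n" if tampered else b"SELINUX=enforcing\n",
        "root/.ssh/authorized_keys": keys,
        PAM_REL_PATH: b"replaced module\n" if tampered else b"vendor module\n",
    }
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)


def demo(tampered):
    """Run triage against a constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_root(root, tampered)
        baseline = hashlib.sha256(b"vendor module\n").hexdigest()
        return triage(root, {"AAAAC3constructedAdminKey"}, baseline)


if __name__ == "__main__":
    print("\n".join(demo(tampered=True)))
```

In practice the baseline hash comes from the distribution package or a golden image, and the allowed key set from the organisation's key inventory.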

The researchers revealed to The Next Web that Skidmap mines Monero, one of the leading dark coins. “The cryptocurrency miner pertaining to this article is a variant of XMRig which mines Monero cryptocurrency,” they stated.

The researchers advised, “Given Linux’s use in many enterprise environments, its users, particularly administrators, should always adopt best practices: keep the systems and servers updated and patched (or use virtual patching for legacy systems); beware of unverified, third-party repositories; and enforce the principle of least privilege to prevent suspicious and malicious executables or processes from running.”

Cryptojacking malware attacks surged by 29% in the first quarter of the year, a report by McAfee Labs revealed last month. The attackers have continued to find new ways to stay ahead, with a recent report revealing that Glupteba malware is using the Core Coin (BTC) blockchain to increase its resilience.

Facebook messenger malware FacexWorm targets crypto platforms

FacexWorm, a malicious Google Chrome extension, has been targeting cryptocurrency trading platforms via Facebook Messenger, according to a Trend Micro report.

This was not the first time FacexWorm has targeted unsuspecting users. The malware was first uncovered last year in August by Kaspersky Lab researcher David Jacoby. At the time, it was unclear how it operated and why it had been created. Eight months later, on April 8, Trend Micro noticed activity that resembled the malware. At the time of discovery, there were already reports of FacexWorm attacks in countries like Tunisia, Germany, Spain, Japan, Taiwan, and South Korea.

The new version of FacexWorm works much like the old version, with a few new adjustments. In addition to sending socially engineered links to friends from an affected Facebook Messenger account, it can steal users’ account and credential details. FacexWorm also commits cryptocurrency fraud, puts malicious cryptocurrency mining code on a website and redirects users to the attackers’ referral links for cryptocurrency-related programs. It can also hijack cryptocurrency transactions and steal money from platforms, such as Poloniex, HitBTC, Bitfinex, Ethfinex, and Binance, and wallets like Blockchain.info.

According to the report, users who opened the link were redirected to a fake YouTube page, where they were asked to install a codec extension—FacexWorm—to play the video. Users then received a request for the “privilege to access” and change data on the opened website. Once granted access, FacexWorm downloads malicious code to help carry out its operations.

The malware has only been able to affect a small group of people, according to the Trend Micro team, which has so far been able to identify one BTC transaction that was affected by FacexWorm. They were, however, not able to determine how many BTC coins have been earned from the malware.

Chrome has taken measures to remove FacexWorm and prevent attackers from uploading it to their system. Facebook Messenger has also put measures in place to detect and prevent FacexWorm uploads by attackers. Trend Micro urges users to be careful while sharing information with friends.

Last year, Amazon suffered a malware attack in which malware was uploaded to its Amazon Web Services servers. The malware executed a BTC mining command that used the company’s large processing power to mine.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

UNICEF turns mining malware into good—donate computing power instead of cash

In a funny twist, the mechanism commonly used by mining malware is now being used for a good cause: UNICEF now allows you to donate some of your computing power instead of cash.

Since last year, several organizations—including government websites—have been plagued by a series of pestilent attacks based on several hacking tools leaked from the NSA. One of these tools gave birth to CoinHive, malware that gained notoriety after being discreetly slipped into users’ computers through some usability plug-ins, where it secretly mined Monero for the hackers.

Now, UNICEF is using a similar mechanism to generate funds without requiring donors to shell out their own cash. According to ZDNet, UNICEF’s donation platform is powered by the same Monero mining program. But unlike the Monero miner, the website, named theHopePage.org, clearly asks users for confirmation before using anybody’s system to mine for UNICEF Australia. Users can also adjust how much computing power they are willing to donate, and can simply keep the browser tab open to keep contributing. This gives people an opportunity to “give hope, just by being here,” as their website says.

“The longer you stay on the page and the more processor power you donate, the more algorithms get solved, which earns cryptocurrency,” they wrote on their website. “Mining is perfectly safe for your computer. If you’re ever worried about power consumption, turn down the amount of processing power you’re donating.”

Upon agreeing, the website then proceeds to use the viewer’s computing power to mine cryptocurrencies, the proceeds of which go directly to the fund, the organization says.

“The cryptocurrency is automatically donated to UNICEF Australia and is turned into real funds that reach children through life-saving supplies like safe water, therapeutic food and vaccines. Turn the Hopepage into your homepage to give every day.”

As of last check, over 1,600 people were donating to the website.

This is not the first time UNICEF has turned to cryptocurrency mining to solicit computing power donations. In February, they also appealed to online gamers, who are likely to have powerful graphics cards perfect for crypto mining. The website, Game Chaingers, would allow gamers to donate their computing power to help Syrian children, although attention to the website has died down since its launch.

Europol takes down Ukrainian gang suspected of using crypto to launder $1.2B

Authorities in Spain have arrested the leader of a cybercrime group behind the Carbanak and Cobalt malware attacks, which targeted over 100 financial institutions around the world. The mastermind behind this heist was allegedly a Ukrainian national called Denis K. The operation was conducted in conjunction with Europol.

The gang, composed of Russian and Ukrainian nationals, gained access to bank servers and networks through a series of emails sent to employees, according to Europol. The emails would eventually infect their computers and target valuable security data such as passwords. This gave the group access to account balances, which they changed, and they even instructed ATMs to issue large quantities of cash.

Authorities said the Cobalt malware alone allowed the cybercriminals to steal up to €10 million (US$12.4 million) per attack. In total, the group reportedly infiltrated banks in more than 40 countries, resulting in the loss of over €1 billion (US$1.2 billion).

The group also managed to set up a cryptocurrency farm, which they used to launder money. According to Europol investigators, “The criminal profits were also laundered via cryptocurrencies, by means of prepaid cards linked to the cryptocurrency wallets which were used to buy goods such as luxury cars and houses.”

The mastermind behind the group, who was identified as Denis K, operated from Spain and had accumulated about 15,000 BTC worth about $120 million, authorities said.

The operation to catch this gang was quite massive and involved the police from several countries including the United States, Taiwan in Asia and Romania in Europe. Denis K was eventually arrested in the Spanish port city of Alicante.

The Spanish Interior Minister announced that three other gang members were arrested alongside a massive haul of jewels worth half a million dollars, two luxury cars and properties. Bank accounts belonging to the gang members were also frozen.

According to a statement by Europol, the individuals authorized fraudulent bank transfers, adjusted mule bank accounts and commanded ATMs to issue cash. Apparently the group worked with the Russian mafia up till 2016 but then began working with the Moldovan mafia. This massive operation enabled the gangsters to accumulate a staggering 15,000 BTC with the money being converted on cryptocurrency exchanges in Russia and Ukraine which would later be transferred to the group’s personal bank accounts.

This is not the first time that cryptocurrency has been used to launder money. A Turkish gang was involved in extortion to the amount of 450 BTC from a Turkish businessman while in February a Taiwanese gang was arrested for the theft of BTC worth up to $100,000.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper.  Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

source: https://coingeek.com/europol-takes-ukranian-gang-suspected-using-crypto-launder-1-2b/

Government-owned Telecom Egypt linked to Monero mining software

If proven true, Sandvine’s new “revenue-generation” formula is downright unethical.

Since last year, over 5,000 websites, including Amazon and Australian government websites, have fallen victim to malware that uses unwitting users’ computers to mine Monero (XMR) for attackers. Back then, the Coinhive malware slipped into these websites through a usability plugin called BrowseAloud.

And it looks like cyberthieves are deploying the same malware to mine the same coin, but this time a suspect has been pinpointed.

A report by researchers at the Citizen Lab titled “BAD TRAFFIC” alleges that government-owned company Telecom Egypt had a hand in it, with implications of involvement by network intelligence provider Procera and its newly acquired corporation Sandvine. Apart from being infected with Monero-mining CoinHive malware, users are also being wrongly redirected to revenue-generating ads and content, which is one of Sandvine/Procera’s major business offerings. The Sandvine/Procera partnership focuses on traffic management, analytics, and revenue generation, among other things.

The report says that Sandvine devices are being used to infect users with the malware and to generate revenue through redirects not only in Egypt but also in Turkey and Syria, adding that this “raises significant human rights concerns.”

According to the report, the researchers found deep packet inspection (DPI) middleboxes on Egyptian government-owned Telecom Egypt which were similar to those found on Türk Telekom, and “were being used to hijack Egyptian Internet users’ unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts.”

In a message to CoinDesk, Sandvine denies the allegations and says that the company has launched an investigation into them.

“Based on a preliminary review of the report, certain Citizen Lab allegations are technically inaccurate and intentionally misleading….We have never had, directly or indirectly, any commercial or technology relationship with any known malware vendors, and our products do not and cannot inject malicious software. While our products include a redirection feature, HTTP redirection is a commodity-like technology that is commonly included in many types of technology products.”

This isn’t the first time the Egyptian government has been accused of manipulation. In 2016, a report alleged that there were anomalies in networks in Egypt, pointing to censorship and malware injection, as well as interference of secure networks (HTTPS) while enabling connections to unsecured networks (HTTP).

ALERT: North Korean hackers are circulating an MS Word document to steal from crypto workers

SecureWorks says the attack is “state-sponsored.”

Beware: even Word documents are not safe.

The same cyber crime group that shook the world with the infamous WannaCry ransomware is on to even more mischief. Information security service firm SecureWorks reported that the Lazarus Group is now circulating a spearphishing scam disguised as a job advert targeting workers in the cryptocurrency industry. The attack has been observed since last year, but attempts as recent as last month have also been seen.

The malware is being circulated through an email of a fake job advert, where a seemingly innocent Microsoft Word document attached to the email reportedly triggers the installation of a “Remote Access Trojan” inconspicuously in the background.

In an interview with Business Insider, SecureWorks senior security researcher Rafe Pilling says the malware assesses whether a particular computer is worth pillaging before possibly downloading more malware to assist in its operations.

“The malware that’s downloaded is the first stage RAT that gives them basic systems survey capability and the ability to download further malware if they find they’ve landed an interesting target,” Pilling said.

It is unclear if the malware has claimed any victims, and if so, how much the damage is. But SecureWorks says the operation is a big one:

“There’s a significant capability behind this threat actor — we’re not talking about five people in a room.”

Pilling believes the campaign was backed by the government, seeing as such operations in tightly controlled North Korea would be practically impossible—unless the government instigated it.  The Lazarus Group has also previously been linked to the North Korean government’s operations.

“North Korea is perhaps unique in that there’s such tight control over all forms of communication,” Pilling said. “We don’t believe there’s anything that state organised cyber activity that comes out of that country. We would see it as having some degree of state direction or state approval.”

Yet another breach hits SegWit Gold

Another week, another security issue for SegWit Gold (SWG).

On Sunday, the SWG team warned users who downloaded their wallet for Windows between Nov. 21, 09:39 UTC and Nov. 25, 22:30 UTC that they are “at risk of a malware infection.” The warning stemmed from reports that an unknown party had gained access to the SWG project’s GitHub repository and replaced the official Windows wallet download with a different file.

Two suspicious files of unknown origin were linked to the project’s download page and GitHub release page file downloads for “approximately 4.5 days,” according to the SWG statement. The team also warned users not to presume that the files are safe, even though they do not trigger antivirus or anti-malware software.

“Any user who verified the SHA-256 checksum of the download against the checksum listed on our Download pages is already aware the file is not authentic and should not have used the file, but nobody should assume that all users take this important step,” the group stated.

The latest breach will likely unnerve SWG fans who are already rattled by last week’s news that the project’s official website had promoted a fraudulent web wallet that stole $3.3 million from investors.

The website, called MyBTGWallet, was described as an early wallet version where users can check their SWG balance and, in the future, use it to transact with their SegWit Gold. Investors, however, reported that they have lost at least $30,000 worth of ethereum, $72,000 worth of litecoin, $107,000 worth of SWG, and more than $3 million worth of BTC from submitting private keys to the web wallet.

The team behind SWG reassured users that the GitHub repository has already been secured, even as the stream of cyber security issues has yet to show any signs of letting up.

“The suspicious file has already been replaced with a known safe file whose checksum matches. Our team is performing a security audit to ensure the safety of all other systems, and we will attempt to ascertain the purpose of the file,” according to SWG.
