Report: DDoS Malware Attacks on Electrum Affect 152,000 Hosts
A report from Malwarebytes Labs, dated April 29, 2019, reveals that the long-standing malware problem affecting the Electrum wallet has reached 152,000 hosts. Users were prompted to update their wallets, and the fake update infected their machines with malware. After the developers launched countermeasures, the attackers responded with a series of DDoS attacks.
Issues with Electrum
Almost a year after the existence of a malicious copycat client was confirmed, malware targeting Electrum wallets is just as prevalent today as it was then. In spite of several attempts by the developers to thwart it, the party behind the attacks has not been easily shaken off. Once the malicious manual-update prompt was resolved, the attackers launched full-scale DDoS attacks. Stolen funds have amounted to nearly five million USD.
On April 24, there were 100,000 infected hosts. The following day the count skyrocketed to 152,000, its highest level yet. Over the last few days the number has fluctuated between 100,000 and 152,000.
Unsuspecting users who were phished have had little recourse, as the issue has received scant attention. The DDoS attacks have not been publicized by mainstream media outlets, yet they have caused millions of dollars in losses within the last few months.
A particularly interesting finding of the study is the geographical concentration of the infected hosts. Based on the heat map published by Malwarebytes Labs, most of them are located in Malaysia, Indonesia, Papua, India, Pakistan, and Brazil. Coincidentally or not, these are all emerging market economies with cheap electricity and a significant number of computer science specialists.
Electrum Reacts to Media Reports
The wallet provider has not taken kindly to reports of the DDoS malware, because certain media outlets have misrepresented the Malwarebytes Labs report with click-bait headlines. The essence of the report is to highlight the malicious activity of the people orchestrating the DDoS attacks. Electrum has done its best to address these concerns and has already remedied the malicious update. Preventing DDoS attacks against individual wallets can be difficult given how geographically dispersed those wallets are.
This could have happened to many wallet providers had they been targeted. Electrum, as one of the best-known desktop wallets for Bitcoin, is bound to be targeted because of its large user base. In any case, Electrum needs to find a way to resolve this quickly, as it risks losing users who fear being the target of an attack.