Bitcoin Forum
Author Topic: Malware attack on btc blockchain through Electrum Wallet ?  (Read 166 times)
abhibtccc (OP)
Jr. Member

Activity: 426
Merit: 7

https://blockstream.info , Blockonomics.co


September 08, 2019, 03:46:43 AM
 #1

Hello people,
I came across this article: https://www.forbes.com/sites/billybambrough/2019/09/07/serious-malware-warning-over-bitcoin-blockchain/

Can you analyse this?

pooya87
Legendary

Activity: 3444
Merit: 10555



September 08, 2019, 04:05:19 AM
Merited by ABCbits (1), hugeblack (1)
 #2

There is a malware called Glupteba that has been infecting computers for a couple of years. It exploits vulnerabilities in Windows, ... to infect and then steals sensitive information. Later on it added a Monero miner to its code to also mine this altcoin on users' computers.
There is no bitcoin involved so far.

Then there is this:
Quote
A router exploiter that attacks MikroTik routers in local network with the CVE-2018-14847 vulnerability. It will schedule a task on the router for command and control (C&C) and upload the stolen administrator credentials to a remote server. A compromised router will be configured as a SOCKS proxy to relay malicious traffic, matching the original purpose of the Glupteba botnet on Windows.

Whenever they want to change these C&C servers, they create a new bitcoin transaction to an address hardcoded in the malware and put the server address in its new OP_RETURN output.
Then the malware uses the bitcoin network to fetch that bitcoin transaction using Electrum servers, reads the OP_RETURN data and decodes it to the server address and some additional info.

There is no "attack on btc blockchain", it has nothing to do with "electrum wallet", and there is no bitcoin being transferred using this malware either.

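The mechanism pooya87 describes above (a transaction to a hardcoded address whose OP_RETURN output carries the new C&C address) is something a defender can inspect directly. The following is an added example, not code from the thread, from Glupteba, or from the Electrum project: it parses a transaction output's scriptPubKey, extracts the pushed data from any OP_RETURN output (including the PUSHDATA1/2/4 encodings), and computes the Electrum-protocol scripthash of each output so an analyst can watch the same script via an Electrum server with `blockchain.scripthash.get_history`. The sample transaction, the payload `example.invalid`, and the `scan_tx_outputs` / `op_return_payloads` names are constructed for the example; the thread does not say how the malware encodes the address inside OP_RETURN, so the payload is only surfaced as raw bytes, not decoded.

```python
import hashlib

# Bitcoin script opcodes relevant to OP_RETURN data-carrier outputs
OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C
OP_PUSHDATA2 = 0x4D
OP_PUSHDATA4 = 0x4E


def parse_pushes(script: bytes):
    """Walk a Bitcoin script; yield data pushes as bytes and other opcodes as ints."""
    i, n = 0, len(script)
    while i < n:
        op = script[i]
        i += 1
        if 1 <= op <= 75:                       # direct push of 1..75 bytes
            size = op
        elif op in (OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4):
            width = {OP_PUSHDATA1: 1, OP_PUSHDATA2: 2, OP_PUSHDATA4: 4}[op]
            if i + width > n:
                raise ValueError("truncated PUSHDATA length prefix")
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        else:                                   # any other opcode, no data
            yield op
            continue
        if i + size > n:
            raise ValueError("push runs past end of script")
        yield script[i:i + size]
        i += size


def op_return_payloads(script_hex: str):
    """Return the data pushes of an OP_RETURN scriptPubKey, or None if it is not one."""
    script = bytes.fromhex(script_hex)
    if not script or script[0] != OP_RETURN:
        return None
    # Only data pushes matter; stray non-push opcodes after OP_RETURN are ignored.
    return [item for item in parse_pushes(script[1:]) if isinstance(item, bytes)]


def electrum_scripthash(script_hex: str) -> str:
    """Electrum protocol scripthash: sha256(scriptPubKey), byte-reversed, hex-encoded."""
    digest = hashlib.sha256(bytes.fromhex(script_hex)).digest()
    return digest[::-1].hex()


def scan_tx_outputs(tx: dict):
    """For a bitcoind-style decoded transaction, report each output's scripthash and
    any OP_RETURN payload (hex), so a watched address's history can be triaged."""
    findings = []
    for vout in tx["vout"]:
        hex_script = vout["scriptPubKey"]["hex"]
        payloads = op_return_payloads(hex_script)
        findings.append({
            "n": vout["n"],
            "scripthash": electrum_scripthash(hex_script),
            "op_return": [p.hex() for p in payloads] if payloads is not None else None,
        })
    return findings


# Constructed sample: output 0 is an ordinary P2PKH script (all-zero pubkey hash),
# output 1 is an OP_RETURN carrying the 15-byte string "example.invalid".
SAMPLE_TX = {
    "txid": "constructed-sample-txid",
    "vout": [
        {"n": 0, "scriptPubKey": {"hex": "76a914" + "00" * 20 + "88ac"}},
        {"n": 1, "scriptPubKey": {"hex": "6a0f" + b"example.invalid".hex()}},
    ],
}

if __name__ == "__main__":
    for finding in scan_tx_outputs(SAMPLE_TX):
        print(finding)
```

The scripthash is what an Electrum client actually sends to the server (the protocol indexes by script, not by address), which is why pooya87's later point holds: the wallet software is never involved, only the public indexing protocol. An analyst who knows the hardcoded address can derive its scriptPubKey, compute this scripthash, and monitor new transactions to it the same way the malware does.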
abhibtccc (OP)
Jr. Member

Activity: 426
Merit: 7

https://blockstream.info , Blockonomics.co


September 08, 2019, 06:49:14 AM
 #3

Quote from: pooya87 on September 08, 2019, 04:05:19 AM
There is a malware called Glupteba that has been infecting computers for a couple of years. It exploits vulnerabilities in Windows, ... to infect and then steals sensitive information. Later on it added a Monero miner to its code to also mine this altcoin on users' computers.
There is no bitcoin involved so far.

Then there is this:
Quote
A router exploiter that attacks MikroTik routers in local network with the CVE-2018-14847 vulnerability. It will schedule a task on the router for command and control (C&C) and upload the stolen administrator credentials to a remote server. A compromised router will be configured as a SOCKS proxy to relay malicious traffic, matching the original purpose of the Glupteba botnet on Windows.

Whenever they want to change these C&C servers, they create a new bitcoin transaction to an address hardcoded in the malware and put the server address in its new OP_RETURN output.
Then the malware uses the bitcoin network to fetch that bitcoin transaction using Electrum servers, reads the OP_RETURN data and decodes it to the server address and some additional info.

There is no "attack on btc blockchain", it has nothing to do with "electrum wallet", and there is no bitcoin being transferred using this malware either.

Thanks a lot for taking time to analyse this. I was concerned over this. So this means Electrum is safe & Windows needs to be made more secure.
pooya87
Legendary

Activity: 3444
Merit: 10555



September 08, 2019, 07:49:37 AM
 #4

Quote from: abhibtccc on September 08, 2019, 06:49:14 AM
~
Thanks a lot for taking time to analyse this. I was concerned over this. So this means Electrum is safe & Windows needs to be made more secure.

No problem.
And essentially yes. The malware is just using bitcoin nodes that have the ElectrumX software installed to index their database to fetch the transaction. The wallet is not even involved; in other words, they are using the protocol.
You have to keep your computer safe from the malware in the first place, which is said to initially be spread by "get paid to install" microjobs.
