GitHub Hacked, Spreads Malicious Syscoin Windows Installers

Cryptocurrency Syscoin announced that the official release of Syscoin (detection name: TSPY_HPFAREIT.SM4) was compromised from June 9, 2018 to June 13, 2018, after an “Unknown Publisher” hacked into Syscoin’s legitimate GitHub account. The hacker then replaced the official files with modified versions that infected machines with either a keylogger or ransomware when executed. Developers who executed the modified installers on the identified dates were advised to back up their files and check that they did not release projects with the malicious code, run an antivirus scan to remove the infected files, and change their online wallet passwords.

Syscoin discovered the malware after they were notified that the installers were being flagged as malicious. Further investigations showed that the modified files were made available on the Syscoin GitHub page on June 9. Once executed, it prompts for a login password after restarting even without setting anything up. During login, it renames itself as “Antimalware Service Executable” in the task manager.

[Related: Update now: Git vulnerability can be used for remote code execution]

Mac and Linux Syscoin versions are safe, but it affects Windows users who executed the modified versions. Researchers warn that the code could affect blockchain projects, unencrypted wallets, and other released cryptocurrency projects. According to the report, Syscoin developers and GitHub staff will start implementing 2FA authentication, routine signature hash verification, and will begin working together to check for altered releases.

This incident comes after Microsoft announced earlier in June 2018 that it has agreed to acquire the open source development platform, prompting mixed responses from developers and researchers.

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.