A report by anti-malware software firm Malwarebytes has claimed that the number of infected Electrum Bitcoin wallets has reached 152,000. This follows on from the Denial-of-Service (DoS) attack on Electrum's servers. Users are being advised to be particularly vigilant until the issue is resolved.
In a post earlier this month about the same issue, researchers said that threat actors had tricked users into downloading a malicious version of the wallet by exploiting a weakness in the Electrum software. The Electrum developers in turn exploited the same flaw in order to direct users to download the latest patched version.
According to the report, the amount of stolen funds has increased to $4.6 million, and the “botnet that is flooding the Electrum infrastructure is rapidly growing”. An online tracker shows that on April 24, the number of infected machines in the botnet was just below 100,000, and the following day it peaked at 152,000.
Malwarebytes identified a loader dubbed Trojan.BeamWinHTTP, which is also involved in downloading the previously-detected Electrum DoSMiner.
They analysed IP addresses and found that the botnet that is attacking Electrum wallets is growing, with the largest concentration of bots being located in the Asia Pacific area, Brazil and Peru.
Computers Joined To Botnet That Performs DDoS Attacks
The number of victims changes regularly: as some machines get “cleaned up”, others are infected and join the Distributed Denial of Service (DDoS) attack. Malwarebytes claims that users of affected computers could “experience slowdowns in internet speed as they are joined to a botnet that performs DDoS attacks”.
Electrum’s website issues a warning on each page: “Electrum versions older than 3.3.3 are vulnerable to a phishing attack. Do not download Electrum from any another [sic] source than electrum.org”. The best way for users to protect themselves is to download Electrum software from the official Electrum website and its official GitHub repository.