A new computer virus called Erbium focuses on compromising credit card information and login credentials for Chromium browsers (Microsoft Edge, Firefox, Chrome), but it can also hack into cryptocurrency wallets. Crypto wallets are secured with their cryptographic keys – a public key and a private key. This form of cryptography is among the most secure available today, although quantum computers may pose a threat in the future.
On the other hand, hardware crypto wallets (or “cold wallets”) store the private key on a physical device, making it unreachable by any means, and are the highest standard of security for storing digital assets. Until now, no virus or hacker has ever succeeded in obtaining a hardware wallet’s private key, but browser wallets (or “hot wallets”) are known to be vulnerable to malware.
In accordance BeInCrypto, the Erbium virus is a “Malware-As-A-Service” type of ransomware, and is currently offered as a $100 per month or $1000 per year subscription. It even has its own customer support line. Along with stealing autocomplete data and credit card information, it can hack cryptocurrency browser wallets, and (for what may be the first time in blockchain history), some hardware wallets as well. Typically, stealing cryptocurrency requires malicious links or phishing attacks that trick the owner into signing away their holdings, but some malware programs are capable of stealing the browser wallet’s private key when it is used to sign a transaction. But until Erbium, no one has been able to crack hardware wallets. According to a blog post by DuskRise, Erbium has been able to compromise Exodus, Ethereum, Litecoin-Core, Monero-Core and Bytecoin hardware wallets, and can steal passwords from the Trezor password manager, possibly making it the first of its kind to to be able to crack hardware wallets.
Update your antivirus and don’t download sketchy files
Currently, Erbium spreads through infected files, which are mostly cracked game downloads and cheats at the moment, but like many viruses, it will be used to infect email attachments and other downloads in the future. Updating antivirus software, or obtaining a free or paid antivirus program, should be a user’s top priority at this time. Users should always double-check email addresses containing attachments before downloading them, and should stay away from torrent sites and any illegitimate download links if their antivirus protection is in doubt.
Although Erbium has been around for a few months now, it’s starting to catch on with ransomware hackers thanks to its ability to steal credit card data, login credentials, 2FA app codes, Steam and Discord tokens, Telegram authentications, and crack crypto wallets (including hardware wallets). Users must be vigilant to protect themselves and their crypto holdings from Erbium virus.
Source: BeInCrypto, DuskRise
