Trickbot is not a new threat, but it is an evolving one. The latest twist of the banking Trojan knife as far as Windows 10 users are concerned is the addition of new methods to not only evade but actually disable Windows Defender security protection. As reported on July 14 in Forbes, Trickbot is a particularly stealthy banking Trojan that has been around since 2016. Since then, it was thought to have compromised no less than 250 million email accounts in an effort to distribute the malware payload. That payload includes the stealing of online banking credentials and cryptocurrency wallets. Microsoft has always been front and center as far as Trickbot attack campaigns are concerned, with weaponized Word and Excel files being a favored approach. The latest campaign is targeting Windows 10 users and implementing a highly detailed and convincing, but fake nonetheless, Office 365 page to prompt for browser updates that install the Trojan itself. Disab...
The goal was to demonstrate “the SmartBillions lottery smart contract’s comprehensive security.” Initially, according to a press release, the prize was to be collected by any hacker that managed to break into the smart contract and withdraw the funds, as a way to prove how seriously the team took investor protection. The team stated:
“The development team is so confident in their product and its security that they will risk their own funds (1500 ETH), to demonstrate its safety.”
A few days later, the issued challenge seemingly backfired, as a hacker did manage to compromise the smart contract. The hacker, according to a Reddit thread, essentially managed to game the system and force it to make him win large amounts. The hacker managed to withdraw 200 ETH twice, before the contract’s admin pulled the remaining funds and cut his losses, as visible in the contract’s address.
SmartBillions reacted to the occurrence by congratulating the individual – or individuals, as they point to two hackers – who managed to withdraw the funds. The team behind the smart contract-based lottery system even added that they’d rather see it happen now than during the ICO, and even announced a new hackathon, following a smart contract revision. The team wrote:
“We witnessed the best possible scenario as the breach was revealed during the hackathon process, rather than during the ICO. We strongly believe in this community audit mechanism and, as a result, we’re launching the next hackathon today, following a revision of the smart contract conditions.”
Various users believe that SmartBillions’ team wasn’t fair to the hacker(s) that managed to withdraw some of the funds, as the bounty was 1,500 Ether, not whatever they could get before the team pulled the funds.
Given that the project’s members remain anonymous, and that they used a backdoor to pull the remaining funds, many now believe the incoming ICO might not be safe for investors, as the same thing can happen after users send over their money.
The new hackathon will also have a 1,500 Ether prize, and will start, according to the organization’s website, seven days before the ICO starts on October 16. This time, as various users pointed out, the hackathon will get a lot more attention than it did before, so the team needs to thoroughly review the code.