Syscoin's Homepage. / Photo by: Sharaf Maksumov via Shutterstock
The GitHub account of instant payment cryptocurrency company Syscoin was attacked by an unknown hacker who substituted the official Windows client with another that was infected with the Arkei Stealer malware. Also known as Trojan:Win32/Feury.B!cl, it dumps and steals passwords and wallet private keys. The incident was discovered after users informed the Syscoin team that Windows Defender SmartScreen was flagging Syscoin Windows client downloads as suspicious, according to Catalin Cimpanu, writing for Bleeping Computer.
Syscoin has issued an alert informing users that the version 126.96.36.199 of the Syscoin client downloaded from June 9 to June 13m 2018 may be tainted with the Arkei Stealer. Users who may have downloaded the Syscoin client between the two time periods but have not installed it on their computers are advised to delete the said file and download a malware-free version of the Syscoin client. The company added that only the Windows client was affected by the malware but other files included in the v188.8.131.52 release were not involved.
Other precautions that users can implement include making a full backup of all vital information found in their digital wallets; running an anti-virus software to detect and erase the said malware; changing passwords and using secured wallets instead of unsecured ones for storing funds.
The company has also instructed its developers to use two-factor authentication and conduct standard file signature checks on all the files that can be downloaded from the GitHub account. The developers must also audit and confirm their binaries and signature hashes to prevent any form of software manipulation. The Syscoin client enables users to run a Syscoin node, which they can use in mining new Syscoin cryptocurrency or in managing their funds.
Syscoin is ranked 85th among all digital currency and has a market value of $117 million. It is presently worth US$0.22.