ESET, a Slovak cybersecurity company, working with the Dutch police, recently uncovered a significant cryptocurrency theft operation connected to the notorious Ebury botnet. Over the past 15 years the botnet has compromised more than 400,000 servers, posing a major threat to the industry.
According to a report released by ESET on May 14, the Dutch National High Tech Crime Unit (NHTCU) initially discovered the Ebury botnet incident during an investigation in 2021.
The investigators found that the cybercriminals behind the operation had been carrying out a series of cryptocurrency thefts, specifically targeting Ethereum and Bitcoin nodes. The Dutch police explained that the botnet operators steal assets from unsuspecting users’ wallets when they enter their login details on the infected servers.
The Ebury botnet, which has been active since at least 2009, is used for various purposes, including deploying additional malware, monetizing the botnet through modules for web traffic redirection, proxying traffic for spam, conducting adversary-in-the-middle (AitM) attacks, and hosting supporting malicious infrastructure.
AitM attacks involve intercepting, and potentially altering, the communication between two parties without their knowledge. Between February 2022 and May 2023, the Ebury operators carried out AitM attacks against more than 200 targets across 75 networks in 34 countries, stealing cryptocurrency, login credentials and credit card details and accumulating significant sums of money over time.
The access gained through these attacks allows the operators to steal funds directly from the affected wallets or to use the compromised systems to mine cryptocurrency, exploiting the resources of unsuspecting victims. The botnet’s ability to remain undetected for extended periods enables it to continue its operations and accumulate large amounts of cryptocurrency over time.
The Ebury botnet’s ability to compromise a large number of servers has made it the go-to malware for facilitating large-scale cryptocurrency theft, which is already on the rise. According to data from PeckShield, a total of $336.8 million in crypto funds was stolen in the first quarter of 2024. The CertiK Hack3d report also revealed that cryptocurrency theft resulted in losses exceeding $500 million in Q1 2024, a 54% increase over the same period in 2023, when losses were approximately $326 million.
The report by Certik highlighted that January 2024 was particularly severe, with $193 million stolen across 78 incidents. Notably, compromises of private keys resulted in a loss of $239 million in just 26 incidents.
These breaches, which target the unique keys individuals use to access their cryptocurrency holdings, accounted for nearly half of all financial losses despite representing only 11.7% of all reported security breaches.