developers are reporting a malicious file that has been located within the new Syscoin 18.104.22.168 installer that has been available for download via the Syscoin Github as of the 9th
of June 2018. The file came through a compromised Github account and seems to contain a Trojan Horse type virus.
Since then, Syscoin have uploaded a full report which details what has happened and moreover, what users need to do to rectify the issue.
If you think you may be affected by this, see the report from Syscoin here- https://github.com/syscoin/syscoin/wiki/Security-Notice-for-Windows-based-installers
Anybody who downloaded Syscoin 22.214.171.124 (for Windows) from Github between the 9th
of June and the 13th
of June are at risk, however those using other versions of Syscoin (i.e. not 126.96.36.199) and those that did not open or execute the Syscoin 188.8.131.52 installer will not be affected by this. In order to rectify the issue and protect your machine, Syscoin have issued the following advice:
“All Windows users should identify their installation date:
If the modified/installation date is between June 9th, 2018, and June 13th, 2018, take the following precautions:
- Right-click on syscoin-qt.exe in C:\Users[USERNAME]\AppData\Roaming\SyscoinCore or view in detailed list mode and make a note of the modified date.
- OR go to Settings->Apps and make a note of the installation date.
- Backup any important data including wallets onto another storage medium outside of the affected computer. Treat this data cautiously as it may contain infectious code.
- Run an up-to-date virus scanner on your system to remove the threat.
- Passwords entered since the time of the infection should be changed from a separate device after ensuring the threat has been removed.
- Funds in unencrypted wallets or wallets that had been unlocked during the infection period, should be moved to a newly generated wallet on a secure computer.
"We highly recommend running the following GenericKD trojan removal guide – https://malwaretips.com/blogs/trojan-generickd-removal/. This must be completed before you restart or you may be prompted for a login screen at which point the trojan could be logging your password.”
Importantly, if you do believe your device has been affected
, you should refer to a PC technician for further advice, especially if you do not feel confident that the above steps have helped or moreover, if you do not feel confident in following the steps.
As a result of this potentially catastrophic breach, Syscoin will be reviewing how developers and the Syscoin team access Github and various other accounts. As a result of this, they will be protecting all external logins with 2-factor authentication, moreover they will continue to work with Github to monitor any changes that are made to repositories after official Syscoin developers have uploaded them.
Unfortunately, it doesn’t end there, Syscoin are worried that there are further implications for this breach, in that the malicious file could still be active and thus could be attacking gatekeepers of other source codes. According to the Syscoin report:
“We highly recommend that all gatekeepers of software repositories for cryptocurrency projects sign binaries through an official build process like Gitian. Should the Gitian process be followed, (for example: https://github.com/syscoin/syscoin/blob/master/doc/gitian-building.md) you will have necessarily signed the binaries. It is then easy for a downloader to detect that these binaries have been signed by an authority managing the release process (in this case Blockchain Foundry Inc.).”
Hopefully, through releasing this information in a timely manner, Syscoin have been able to limit the damage caused by this breach. Overall though, it is quite an embarrassing time for the Syscoin team and their developers. Hopefully this tails off and normal service can be resumed soon enough. Overall though, this is sure to knock at least a bit of confidence out of many Syscoin investors
, who ultimately could have lost a lot of money as a result of this.