Published 5 years ago on June 16, 2018
“All Windows users should identify their installation date:
If the modified/installation date is between June 9th, 2018, and June 13th, 2018, take the following precautions:
- Right-click on syscoin-qt.exe in C:\Users\[USERNAME]\AppData\Roaming\SyscoinCore or view in detailed list mode and make a note of the modified date.
- OR go to Settings->Apps and make a note of the installation date.
- Backup any important data including wallets onto another storage medium outside of the affected computer. Treat this data cautiously as it may contain infectious code.
- Run an up-to-date virus scanner on your system to remove the threat.
- Passwords entered since the time of the infection should be changed from a separate device after ensuring the threat has been removed.
- Funds in unencrypted wallets or wallets that had been unlocked during the infection period should be moved to a newly generated wallet on a secure computer.
“We highly recommend running the following GenericKD trojan removal guide - https://malwaretips.com/blogs/trojan-generickd-removal/. This must be completed before you restart or you may be prompted for a login screen at which point the trojan could be logging your password.”

Importantly, if you believe your device has been affected, you should consult a PC technician for further advice, especially if you are not confident that the above steps have helped or are not confident in following them.

As a result of this potentially catastrophic breach, Syscoin will be reviewing how developers and the Syscoin team access GitHub and various other accounts. They will be protecting all external logins with two-factor authentication, and they will continue to work with GitHub to monitor any changes made to repositories after official Syscoin developers have uploaded them.

Unfortunately, it doesn't end there. Syscoin is worried that the breach has further implications: the malicious file could still be active and could be attacking gatekeepers of other source code. According to the Syscoin report:
“We highly recommend that all gatekeepers of software repositories for cryptocurrency projects sign binaries through an official build process like Gitian. Should the Gitian process be followed (for example: https://github.com/syscoin/syscoin/blob/master/doc/gitian-building.md), you will have necessarily signed the binaries. It is then easy for a downloader to detect that these binaries have been signed by an authority managing the release process (in this case Blockchain Foundry Inc.).”

Hopefully, by releasing this information in a timely manner, Syscoin has been able to limit the damage caused by this breach. Even so, it is quite an embarrassing time for the Syscoin team and their developers. Hopefully this tails off and normal service can be resumed soon enough. The incident is nonetheless sure to knock at least a bit of confidence out of many Syscoin investors, who ultimately could have lost a lot of money as a result.
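The advisory's date check (the modified date of syscoin-qt.exe and the installation date, against the June 9th to June 13th, 2018 window) can be scripted for the current Windows user. The following PowerShell is an added example, not part of the original article or of Syscoin's advisory; the `*Syscoin*` display-name match, the `yyyyMMdd` format of the registry `InstallDate` value, and the use of local time are assumptions.

```powershell
# Added example, not Syscoin's code. Window from the advisory: June 9-13, 2018 (inclusive).
# Assumption: local time is used, since the advisory gives no time zone.
$WindowStart = [datetime]'2018-06-09'
$WindowEnd   = [datetime]'2018-06-14'   # exclusive bound, so all of June 13 is covered

function Test-InWindow([datetime]$Date) {
    ($Date -ge $WindowStart) -and ($Date -lt $WindowEnd)
}

$findings = @()

# 1. Modified date of syscoin-qt.exe under the current user's roaming profile
#    ($env:APPDATA resolves to C:\Users\<user>\AppData\Roaming).
$exe = Join-Path $env:APPDATA 'SyscoinCore\syscoin-qt.exe'
if (Test-Path -LiteralPath $exe) {
    $modified = (Get-Item -LiteralPath $exe).LastWriteTime
    $findings += [pscustomobject]@{
        Source = 'File modified date'; Item = $exe
        Date = $modified; InWindow = (Test-InWindow $modified)
    }
}

# 2. Installation date recorded in the per-application uninstall registry entries.
#    Assumptions: DisplayName contains "Syscoin"; InstallDate, when present, is yyyyMMdd.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
foreach ($app in Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue) {
    if ($app.DisplayName -notlike '*Syscoin*' -or -not $app.InstallDate) { continue }
    $installed = [datetime]::MinValue
    $ok = [datetime]::TryParseExact([string]$app.InstallDate, 'yyyyMMdd',
        [cultureinfo]::InvariantCulture, [System.Globalization.DateTimeStyles]::None, [ref]$installed)
    if ($ok) {
        $findings += [pscustomobject]@{
            Source = 'Registry InstallDate'; Item = $app.DisplayName
            Date = $installed; InWindow = (Test-InWindow $installed)
        }
    }
}

if ($findings.Count -eq 0) {
    'No Syscoin client or dated install entry found for this user.'
} else {
    $findings | Format-Table -AutoSize
    if ($findings.InWindow -contains $true) {
        Write-Warning 'A date falls in the June 9-13, 2018 window: follow the advisory precautions.'
    }
}
```

The script only inspects the profile of the user who runs it, and a date outside the window reflects file system and registry metadata only, so the virus scan in the advisory still applies.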