Trojan.Coinstealer

Security Bulletins

2013-10-18 - [slackware-security] hplip (SSA:2013-291-01)

10/19/2013

2013-10-18 - [slackware-security] libtiff (SSA:2013-290-01)

10/18/2013

2013-10-14 - [slackware-security] xorg-server (SSA:2013-287-05)

10/15/2013

2013-10-14 - [slackware-security] libgpg-error (SSA:2013-287-04)

10/15/2013

2013-10-14 - [slackware-security] gnutls (SSA:2013-287-03)

10/15/2013

Latest Malware Updates

Type: Trojan
Discovered: 20.03.2014
Updated: 20.03.2014
Affected systems: Mac OS X, Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
AV Vendor: Symantec

Description:

The Trojan targets both Windows and Mac OS X computers

Windows computers
When the Trojan is executed, it creates the following files:

%Temp%\TibanneSocket.exe
%Temp%\revsecurity.dll

The Trojan then searches for the following files:

%UserProfile%\Application Data\Bitcoin\bitcoin.conf
%UserProfile%\Application Data\Bitcoin\wallet.dat

Mac OS X computers
The Trojan searches for the following files:

/Library/Application Support/Bitcoin/bitcoin.conf
/Library/Application Support/Bitcoin/wallet.dat

Both operating systems
The Trojan then sends these files to the following remote locations:

[http://]82.118.242.145/cgi-bin/conf[REMOVED]
[http://]82.118.242.145/cgi-bin/sync[REMOVED]

The Trojan then deletes itself from Windows computers.

Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

Multiple Vulnerabilities in Linux kernel

03/04/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015