A group of hackers has stolen over $20 million worth of Ethereum from Ethereum-based apps and mining rigs, Chinese cyber-security firm Qihoo 360 Netlab reported today. The cause of these thefts is Ethereum software applications that have been configured to expose an RPC [Remote Procedure Call] interface on port 8545.
The purpose of this interface is to provide access to a programmatic API that an approved third-party service or app can use to query, interact with, or retrieve data from the original Ethereum-based service, such as a miner or wallet application that users or companies have set up for mining or managing funds. Because of its role, this RPC interface grants access to some pretty sensitive functions, allowing a third-party app the ability to retrieve private keys, move funds, or retrieve the owner’s personal details.
As such, this interface comes disabled by default in most apps, and is usually accompanied by a warning from the original app’s developers not to turn it on unless properly secured by an access control list (ACL), a firewall, or other authentication systems. Almost all Ethereum-based software comes with an RPC interface nowadays, and in most cases, even when turned on, it is appropriately configured to listen for requests only via the local interface (127.0.0.1), meaning from apps running on the same machine as the original mining/wallet app that exposes the RPC interface. But across the years, developers have been known to tinker with their Ethereum apps, sometimes without knowing what they are doing.
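A check an operator can run on their own Linux host to confirm that port 8545 is bound only to the local interface. This is an added example, not code from the article or from any Ethereum client; it assumes the `/proc/net/tcp` and `/proc/net/tcp6` table layout on a little-endian machine, and the sample table is constructed.

```python
import ipaddress
import struct

RPC_PORT = 8545      # the RPC port named in the article
TCP_LISTEN = "0A"    # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp and tcp6 layout (not from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:2161 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20001
   1: 00000000:2161 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20002
   2: 0A01A8C0:2161 0B01A8C0:D431 01 00000000:00000000 00:00000000 00000000  1000        0 20003
   3: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20004
   4: 00000000000000000000000001000000:2161 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20005
"""

def decode_addr(hex_addr):
    """Decode the kernel's hex address: 32-bit words in host order (little-endian assumed)."""
    words = [int(hex_addr[i:i + 8], 16) for i in range(0, len(hex_addr), 8)]
    return ipaddress.ip_address(b"".join(struct.pack("<I", w) for w in words))

def exposed_rpc_listeners(table, port=RPC_PORT):
    """Return (address, socket inode) for LISTEN sockets on `port` not bound to loopback."""
    findings = []
    for line in table.splitlines()[1:]:           # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        hex_addr, hex_port = fields[1].split(":")
        if fields[3] != TCP_LISTEN or int(hex_port, 16) != port:
            continue                              # not a listener on the RPC port
        addr = decode_addr(hex_addr)
        if not addr.is_loopback:                  # 127.0.0.0/8 and ::1 are local-only
            findings.append((str(addr), fields[9]))
    return findings

if __name__ == "__main__":
    for addr, inode in exposed_rpc_listeners(SAMPLE):
        print(f"port {RPC_PORT} is listening on {addr} (socket inode {inode})")
```

On a real host, pass the contents of `/proc/net/tcp` and `/proc/net/tcp6` instead of `SAMPLE`; any finding means the interface is reachable from beyond the local machine unless a firewall blocks it.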
This isn’t a new issue. Months after its launch, the Ethereum Project sent out an official security advisory to warn that some of the users of the geth Ethereum mining software were running mining rigs with this interface open to remote connections, allowing attackers to steal their funds.
But despite the warning from the official Ethereum devs, users have continued to misconfigure their Ethereum clients across the years, and many have reported losing funds out of the blue, losses that were later traced back to exposed RPC interfaces. Scans for these ports have been silently going on for years, but with cryptocurrency prices growing to record heights in 2017, multiple threat groups have joined the fray in search of easy money left exposed online. Read more from bleepingcomputer.com…