Skip to content

Swiss Cyber Authorities Identify Crypto Trojans: Dridex, Gozi, Monerominer

Swiss financial institutions continue to be exploited by cybercriminals. Cyber Authorities have identified Dridex, Gozi, and
Swiss financial institutions continue to be exploited by cybercriminals. Cyber Authorities have identified Dridex, Gozi, and Monerominer as Crypto Trojans.

Switzerland’s financial institutions continue to be exploited by cybercriminals, says the latest research report by cybercrime authorities. The only except in 2018 is that the targets are no longer banks but crypto exchanges. The research identified Monerominer virus, as the sixth most significant malware thanks to the anonymous nature of the virtual asset.

MELANI Research

The organization Reporting and Analysis Centre for Information Assurance (MELANI) has shared the details of the recent cyber threats assailing Swiss internet space in recent times.

Most important findings of the research outfit have been the Trojan Dridex which in its characteristic is an e-banking threat but has been re-worked to exploit the latent insecurities of cryptocurrency operations.  The virus had made its first appearance in 2012 as Cridex. The latest study reports that the configuration files of the virus had notably increased the number of crypto exchanges it had targeted.

The second such significant virus it found was Gozi. Researchers in 2009 had first unearthed the virus. In its latest avatar, the virus has morphed sufficiently to exploit digital assets. Not surprisingly, the research also found that Gozi targets were no longer just banks but the cryptocurrency exchanges.

Gozi was found to be the ninth most prevalent virus disturbing the cyberspace in Switzerland where banks and cryptocurrency dominant the internet.

For the very first time, the virus was found to be ‘malvertising’ in order to infect the network as early as possible.

The concept of malvertising is of recent origins. It is a method where advertisements are malware and victims are cheated into downloading these advertisements. The method the malware uses is to place the advertisements above the results displayed by the search engines. Hence, users are confused and often mislead into clicking on these malware advertisements.

Two million undiscovered variants

The third most significant virus that the research of the premier Swiss Cyber organization has discovered is the Monerominer. As a matter of fact, this has been the most significant of the cryptocurrency viruses that the agency has been able to identify thus far. The incidence of these threats has been as high as sixth most common malware threat infecting Switzerland.

Additionally, the virus also doubles as a malware bot. The impact of this malware is huge. The bot has the capacity to download and also run other malware. This will lead to more information being stolen from the account. The bot also records the keystrokes and will encrypt the hard drive matter. After which it will demand ransom from the victim in the form of cryptocurrencies to release the data it holds encrypted. Thus the impact of this bot-virus is long lasting and impacts a wide section of the cryptocurrency users as well as fiat-currency users.

Monerominer does not stop at the bot version either.  Researchers have lately discovered the range and depth of this CoinHive script.  Over two million variations remained undiscovered!