
Cerber Ransomware Seen Again, Now Steals Browser Passwords, Bitcoin Wallet Data



The Cerber ransomware has received an update that allows it to collect and steal data from a victim’s computer. Cerber has a reputation as one of the most rapidly evolving ransomware families to date.

According to a security researcher from Trend Micro, this version of Cerber ransomware can steal saved passwords from browsers and can also steal wallet data.

This ransomware targets three types of Bitcoin wallet applications. It searches for and steals files named wallet.dat (used by the first-party Bitcoin Core wallet), *.wallet (used by the Multibit wallet app), and electrum.dat (used by the Electrum wallet app).

Getting these files, however, does not assure that the stored Bitcoins can be stolen. The thief would still need to get the password that protects the wallet in question. Furthermore, since 2013 the Electrum app no longer uses the electrum.dat file to store wallet information, the researcher stated in a blog post.

It also tries to steal the saved passwords from Internet Explorer, Google Chrome, and Mozilla Firefox. The ransomware does these things before encryption. It sends the saved passwords and wallet information to the attacker through command-and-control servers. It also deletes the wallet files once they have been sent to the servers.
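The read-then-delete sequence described above is something defenders can look for in file-activity telemetry. The following Python sketch is an added example, not code from the original article or from Trend Micro: it flags any process that reads a file matching the three wallet patterns and later deletes that same file. The event format, process names and paths are constructed assumptions.

```python
import fnmatch
import ntpath
from collections import defaultdict

# File names the article lists as targets (matched case-insensitively).
WALLET_PATTERNS = ("wallet.dat", "*.wallet", "electrum.dat")

# Constructed sample events: time|pid|image|action|path (hypothetical format).
SAMPLE_EVENTS = r"""
10:00:01|412|C:\Program Files\Bitcoin\bitcoin-qt.exe|read|C:\Users\a\AppData\Roaming\Bitcoin\wallet.dat
10:02:10|988|C:\Users\a\AppData\Local\Temp\invoice.exe|read|C:\Users\a\AppData\Roaming\Bitcoin\wallet.dat
10:02:11|988|C:\Users\a\AppData\Local\Temp\invoice.exe|read|C:\Users\a\AppData\Roaming\MultiBit\main.wallet
10:02:15|988|C:\Users\a\AppData\Local\Temp\invoice.exe|delete|C:\Users\a\AppData\Roaming\Bitcoin\wallet.dat
10:02:16|988|C:\Users\a\AppData\Local\Temp\invoice.exe|delete|C:\Users\a\AppData\Roaming\MultiBit\main.wallet
10:03:00|500|C:\Windows\explorer.exe|delete|C:\Users\a\Documents\notes.txt
"""


def is_wallet_file(path):
    """True if the file name matches one of the wallet patterns."""
    name = ntpath.basename(path).lower()
    return any(fnmatch.fnmatchcase(name, pat) for pat in WALLET_PATTERNS)


def detect(log_text):
    """Alert on processes that read a wallet file and later delete it."""
    read_by = defaultdict(set)  # (pid, image) -> wallet paths already read
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, pid, image, action, path = line.split("|", 4)
        if not is_wallet_file(path):
            continue
        key, norm = (int(pid), image), path.lower()
        if action == "read":
            read_by[key].add(norm)
        elif action == "delete" and norm in read_by[key]:
            alert = alerts.setdefault(
                key, {"pid": key[0], "image": image, "first_delete": ts, "files": []})
            alert["files"].append(path)
    return list(alerts.values())


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"ALERT pid={a['pid']} image={a['image']} deleted after read: {a['files']}")
```

In the sample data the wallet application that only reads its own wallet.dat raises no alert; only the process that reads and then deletes wallet files does.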

Files with the following SHA-256 hash are related to this incident:

6c9f7b72c39ae7d11f12dd5dc3fb70eb6c2263eaefea1ff06aa88945875daf27 – detected as RANSOM_HPCERBER.SMALY5A

To prevent this, users should be educated about opening attachments from external and unverified sources. System administrators should implement an email policy to filter these types of attachments.
