- The backdoor was noticed last week, but researchers only cracked the obfuscated code on Monday
- The malicious code targeted users of the Copay Bitcoin wallet
Hackers Get More Robust
Software developers noticed the presence of the malicious code last week, but it was only on Monday, November 26, 2018, that researchers managed to deobfuscate the heavily obfuscated malicious code and work out what it was capable of.
The attack was staged in two steps. In the first stage, event-stream version 3.3.6, published on September 8, added a seemingly innocent dependency called flatmap-stream. In the second stage, an October 5 update to flatmap-stream added the malicious code, which attempted to steal from Bitcoin wallets and transfer their balances to a server in Kuala Lumpur. The scheme was unearthed last Tuesday via a report from GitHub user Ayrton Sparling.
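Because the malicious module arrived as a transitive dependency (pulled in by event-stream rather than requested directly), a package.json grep is not enough; the lockfile has to be walked. The following is an added example, not code from the article or from any project it mentions, that scans a package-lock.json for the affected versions, following nested dependencies in the v1 layout and the flat "packages" map in v2/v3. The event-stream 3.3.6 version comes from the article; the flatmap-stream 0.1.1 version is the malicious release named in the npm advisory, not in this page. The sample lockfile is constructed for the demonstration and the package names in it (example-app, some-build-tool) are hypothetical.

```javascript
// Known-bad versions from the event-stream incident.
// event-stream 3.3.6 is the version named in the article; flatmap-stream 0.1.1
// is the malicious release per the npm advisory (assumption: not from this page).
const KNOWN_BAD = {
  "event-stream": new Set(["3.3.6"]),
  "flatmap-stream": new Set(["0.1.1"]),
};

// lockfileVersion 1: each entry may carry its own nested "dependencies" map,
// so a transitive dependency can sit several levels below the root.
function findBadDeps(node, chain = [], hits = []) {
  for (const [name, entry] of Object.entries(node.dependencies || {})) {
    const here = [...chain, `${name}@${entry.version}`];
    const bad = KNOWN_BAD[name];
    if (bad && bad.has(entry.version)) hits.push(here.join(" > "));
    if (entry.dependencies) findBadDeps(entry, here, hits);
  }
  return hits;
}

// lockfileVersion 2/3: a flat "packages" map keyed by install path, e.g.
// "node_modules/a/node_modules/event-stream". The package name is the part
// after the last "node_modules/" (scoped names like @scope/pkg survive this).
function findBadPackages(lock) {
  const hits = [];
  const marker = "node_modules/";
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // "" is the root project itself
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    const bad = KNOWN_BAD[name];
    if (bad && bad.has(entry.version)) hits.push(`${path}@${entry.version}`);
  }
  return hits;
}

// Dispatch on the lockfile layout. Returns human-readable paths to each hit.
function scanLock(lock) {
  return lock.packages ? findBadPackages(lock) : findBadDeps(lock);
}

// Constructed v1 lockfile: a clean event-stream 4.x at top level, plus a
// hypothetical build tool that pins the poisoned 3.3.6 underneath itself.
const SAMPLE_LOCK_V1 = {
  name: "example-app",
  version: "1.0.0",
  lockfileVersion: 1,
  dependencies: {
    "event-stream": { version: "4.0.1" },
    "some-build-tool": {
      version: "2.3.0",
      dependencies: {
        "event-stream": {
          version: "3.3.6",
          dependencies: {
            "flatmap-stream": { version: "0.1.1" },
          },
        },
      },
    },
  },
};

// The same tree in the v2/v3 flat layout (constructed).
const SAMPLE_LOCK_V2 = {
  name: "example-app",
  lockfileVersion: 2,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/event-stream": { version: "4.0.1" },
    "node_modules/some-build-tool": { version: "2.3.0" },
    "node_modules/some-build-tool/node_modules/event-stream": { version: "3.3.6" },
    "node_modules/some-build-tool/node_modules/event-stream/node_modules/flatmap-stream": { version: "0.1.1" },
  },
};

function main() {
  for (const lock of [SAMPLE_LOCK_V1, SAMPLE_LOCK_V2]) {
    const hits = scanLock(lock);
    console.log(`lockfileVersion ${lock.lockfileVersion}: ${hits.length} hit(s)`);
    for (const h of hits) console.log("  " + h);
  }
}

main();
```

Run it against a real lockfile by replacing the sample with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`. A lockfile scan only tells you whether the poisoned versions were ever pinned; if they were, treat the machines that ran `npm install` in that window as exposed, not just the build output.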
The report shows that the malicious code was designed to specifically target users of a Bitcoin wallet developed by Copay, a company that had recently incorporated event-stream into its app. Earlier this month Copay had reported that it was updating its code to reference flatmap-stream. Copay initially denied that its releases contained the malicious code, but later admitted that the backdoor had in fact shipped.
In an update to a blog post the company published after the disclosure, a company official admitted that versions 5.0.2 through 5.1.0 were affected by the backdoor and advised users to avoid running the app until they had installed version 5.2.0. The blog post explained:
“Users should not attempt to move funds to new wallets by importing affected wallets’ twelve word backup phrases […] users should first update their affected wallets (5.0.2-5.1.0) and then send all funds from affected wallets to a brand new wallet on version 5.2.0, using the Send Max feature to initiate transactions of all funds.”