Attackers Take Advantage of Cryptocurrency Security Issues

Today’s topics include the disclosure of a number of cryptocurrency mining operations; Microsoft investigating a flawed Meltdown patch on AMD PCs; Broadcom appealing to shareholders in its bid for Qualcomm; and Google making Google Pay its single payment service brand.

So far in 2018, a number of new attack vectors against cryptocurrencies have already been disclosed, as well as at least one major vulnerability.

On Jan. 8, security firm Alien Vault reported that it found an application attempting to mine the Monero cryptocurrency, with all proceeds being sent to Kim Il Sung University in North Korea. Alien Vault, however, said it is not certain that the government of North Korea is behind the new Monero mining campaign. Christopher Doman, security researcher at Alien Vault, said it's possible the operation could just be a prank being conducted by hackers operating out of Morocco.

On Jan. 3, security firm F5 Networks revealed that attackers are using a new Python script to mine Monero on servers. Meanwhile, a flaw with Electrum digital wallets that could enable an attacker to steal a user's cryptocurrency was patched on Jan. 7.

After last week’s revelation of two CPU vulnerabilities that collectively affect most modern processors from Intel, AMD and Arm, Microsoft quickly issued emergency patches for the Meltdown and Spectre flaws.

However, many owners of PCs with AMD chips, particularly Athlon 64 CPUs, who applied the early Windows 7 "monthly rollup" patch that addresses the vulnerabilities are complaining that they were greeted with a Blue Screen of Death, rendering their PCs inoperable. The Windows 10 flavor of the patch is also causing bootup problems for some users with AMD-based systems.

A Microsoft spokesperson told eWEEK, "We are aware of the reports and are investigating.” AMD, meanwhile, is downplaying the effects of the Meltdown and Spectre flaws on its processors, claiming its chips are largely immune to the so-called "speculative execution" vulnerabilities.

Qualcomm’s board of directors late last year rejected Broadcom’s $105 billion bid to buy the company. So Broadcom executives are now taking their bid for Qualcomm directly to the chip maker’s shareholders.

In a letter sent with other proxy materials Jan. 5 to Qualcomm investors, Broadcom President and CEO Hock Tan argued that his company’s offer for Qualcomm would be a financial boon to shareholders and urged them to vote for 11 Broadcom-backed candidates for Qualcomm’s board of directors during Qualcomm’s annual stockholder meeting March 6.

Qualcomm directors rejected Broadcom’s unsolicited bid because they claim it greatly undervalues their company, and late last month said they would not nominate the slate of 11 board candidates put forth by Broadcom. A merger of the two companies would create a chip-making giant that would rank only behind Samsung and Intel.

Google is combining its online payment apps into a unified service branded Google Pay, which will replace the currently separate Android Pay and Google Wallet services. Google Pay will allow users to use payment information stored in their Google account to pay for purchases in stores, in Play, via Chrome and across Google services.

Some organizations have already begun accepting payments via Google Pay, including Airbnb, Fandago, Dice, Instacart and HungryHouse.

Google has also made available a Google Pay Application Programming Interface that developers can use to request credit and debit card information stored in their customer's Google account. Developers only have to import the Play Services library to get access to everything they need to implement Google Pay.