The developers of the Syscoin cryptocurrency found a malicious copy of the Windows installer Syscoin 126.96.36.199, which was available through the compromised Syscoin page on GitHub. The installer contained malicious code (Trojan:Win32/Feury.B!cl). When the fake installer was run, a file named re.exe remained in the local temp folder (C:\Users\user\AppData\Local\Temp).
The developers deliberately infected a cheap laptop that was not used for work. After a restart, the computer asked for a password to log in, although it had not been encrypted. After logging in, the developers noticed a file called 402232.exe, which presented itself as Antimalware Service Executable in Task Manager. After the restart it was password protected. According to the developers, it is most likely a keylogger or ransomware.
The Syscoin team reported that, according to reports, SmartScreen, Windows Defender, AVG and Kaspersky detect the file syscoincore-3.0.4-win64-setup.exe as a potential virus. The investigation revealed that the installer file on GitHub for version 188.8.131.52 was replaced with a malicious version through a hacked GitHub account.
Victims of the virus may be Windows users who downloaded and launched the installer from 9 to 13 June. The file has now been deleted from GitHub and replaced with the official one. Immediately after detecting the virus, the Syscoin developers enabled two-factor authentication for their accounts and verified the hash signatures.
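
The two traces described above (re.exe left in the user's Temp folder, and a process posing as Antimalware Service Executable) can be checked against a host inventory. The following is an added example, not code from the Syscoin team; the snapshot layout, the function names and the sample records are assumptions constructed for illustration.

```python
import ntpath

# The genuine "Antimalware Service Executable" is Windows Defender's MsMpEng.exe.
DEFENDER_LABEL = "antimalware service executable"
DEFENDER_IMAGE = "msmpeng.exe"
DROPPED_NAME = "re.exe"                  # file name given in the article
TEMP_SUFFIX = "\\appdata\\local\\temp"   # per-user temp folder given in the article


def masquerading_processes(processes):
    """Return processes labelled as Defender whose image is not MsMpEng.exe."""
    hits = []
    for proc in processes:
        label = proc.get("description", "").strip().lower()
        image = ntpath.basename(proc.get("path", "")).lower()
        if label == DEFENDER_LABEL and image != DEFENDER_IMAGE:
            hits.append(proc)
    return hits


def dropped_files(paths):
    """Return paths named re.exe that sit directly in a user's Temp folder."""
    hits = []
    for path in paths:
        folder, name = ntpath.split(ntpath.normpath(path))
        if name.lower() == DROPPED_NAME and folder.lower().endswith(TEMP_SUFFIX):
            hits.append(path)
    return hits


def triage(snapshot):
    """Run both checks over one host snapshot (hypothetical record layout)."""
    return {"masquerade": masquerading_processes(snapshot["processes"]),
            "dropped": dropped_files(snapshot["files"])}


# Constructed snapshot; the location of 402232.exe is an assumption.
SAMPLE = {
    "processes": [
        {"pid": 2104, "description": "Antimalware Service Executable",
         "path": r"C:\Program Files\Windows Defender\MsMpEng.exe"},
        {"pid": 5220, "description": "Antimalware Service Executable",
         "path": r"C:\Users\user\Desktop\402232.exe"},
    ],
    "files": [r"C:\Users\user\AppData\Local\Temp\re.exe",
              r"C:\Users\user\Downloads\re.exe"],
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A file name match alone is a weak signal, so a hit from either check is a prompt for closer inspection of the host rather than a verdict.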