Malicious actors replaced the legitimate Windows installer for Syscoin's cryptocurrency earlier this month with a version containing malware, which was available on the company's Github page for several days.
The malicious Windows installer was detected on 13 June when Windows Defender SmartScreen detected the sysccoincore-3.04-win64-setup.exe by Unknown Publisher appearing, Syscoin said. Anyone who downloaded and executed the installer between 9 June 10:14 pm UTC (11:14 pm BST) and 13 June 10:23 pm UTC (11:23 pm BST) is at risk. A look at the malware indicated to Syscoin that it was either ransomware or a keylogger.
“Upon investigation, the Syscoin developers found that a malicious, unsigned copy of the Windows Syscoin 126.96.36.199 installer was made available via the Syscoin Github release page on 9 June, 2018 due to a compromised GitHub account. This installer contained malicious code. (Trojan:Win32/Feury.B!cl),” Syscoin said on Github.
Those who are uncertain whether or not they have a safe and verified version should go to Settings->Apps and make a note of the installation date and check it against the period when the malicious version was live on Github, Syscoin said.
Syscoin also noted it will institute several additional safety measures for its developers and Blockchain Foundery staff, including implementing two-factor authentication, Perform routine verification of signature hashes and to work with Github to ensure users will be able to detect if binaries have been altered after release.