This may be the main thing to fix here, as it's very plausible that hacks happen again and again... by design.
Today it's an infected printer, tomorrow it will be a game on Steam.
But something like that would only be surprising if it was more than an obvious lazy asset flip.
The bigger question is, when they said:
> G Data's research showed that the Bitcoin address linked to SnipVex had received about 9.3 BTC, roughly $100,000
How big was the largest amount stolen?
It could be a few individuals with a lot of money in their unprotected software wallets, or it could be a lot of people with relatively smaller amounts stolen from each of them.
If you only have a couple hundred dollars worth of bitcoin and don’t intend to buy any more of it then it doesn’t make much sense to spend as much on a hardware wallet as those cost. But if you have like $500 of bitcoin then it starts to make more sense. Especially if you plan on buying more of it. And if you have over a $1,000 and are still using a software wallet you should really look into getting a hardware wallet ASAP IMHO.
It’s not, because that wasn’t the problem and would not have worked. For one, nothing indicates the $100K were extracted in one go, it looks like it was cumulative. For another, this malware isn’t directly sending coins, it’s just replacing addresses in your clipboard.
until that changes, airgap your weird hardware setups I guess
Also this is a perfect storm for lateral movement. USB-borne worms still work frighteningly well in small biz environments, especially ones with no centralized IT and people plugging printers directly into Windows desktops with admin perms. Here SnipVex is just a cherry on top-a nice, opportunistic payload for the growing class of infostealers targeting crypto wallets
This is a chronic problem with hardware vendors.
Source: Software developer for hardware companies, for over 30 years.
Opensource printer stack is a legacy mess. There is critical vulnerability almost every year. There are not enough money or developers to fix that!
I don't necessarily disagree, but isn't this because of extremely bad firm/soft/hardware design by the printer companies that then have to be supported by the open source stack?
Not affiliated, just happy user, at least some companies seem to be able to deal with it, regardless if it's open source (my stack) or not (my wife's Apple-stack).
But this process is still ongoing and lazy hardware vendors will continue to be lazy in their switch, if they have the option.
Go look at the "build log" in your compromised jenkins server and download the (already compromised) build artifact and make sure it matches the mega.co.nz file?
Do you expect the average software engineer to be able to look at a .exe, pull up a disassembler, and know that all the assembly maps back to the source code?
Totally fills you with confidence.
My keyboard's drivers are hosted on "egnyte.com"
This is an afternoon's effort for the junior intern, but was "too hard" for these people.
That this system is so insecure as to be hit multiple times, I don't know how much stock anyone should put in "improved processes". This is a company who seems to have gone out of their way to create an insecure environment - probably out of some frustration, but all the same, insecure.
elmt35•2h ago
yccs27•1h ago