The hackers operating Cerber ransomware have just upped their game. The prolific ransomware, which has already undergone several updates, has once again evolved. Cerber now comes with new capabilities that allow hackers to steal data from Bitcoin wallets.
The ransomware can now also steal saved passwords from popular web browsers, including Internet Explorer, Google Chrome, and Mozilla Firefox. The ransomware has also been upgraded to hunt for data related to three Bitcoin wallet apps — the Bitcoin Core wallet, the Electrum wallet app and the Multibit wallet app.
According to Trend Micro security researchers, while stolen browser passwords may help hackers hijack victims' accounts, the stolen data from Bitcoin wallets may not be of much use to the hackers. "Theft of these files does not assure that the stored Bitcoins can be stolen. The thief would still need to get the password that protects the wallet in question," Trend Micro researchers said in a blog post.
Security experts have previously said that Cerber may be Russia-based. The operators of the ransomware appear to be sophisticated. According to a previous study, the hackers behind Cerber rake in over $2m every year from their cybercriminal activities.
Moreover, the ransomware's operators have been diligent in avoiding detection. Last year, just a day after a Cerber decryption tool was released by Check Point security experts, the hackers behind the ransomware nullified the tool by updating Cerber.
According to Trend Micro researchers, in May this year, Cerber underwent six different upgrades in just a month. "Cerber ransomware has acquired the reputation of being one of the most rapidly evolving ransomware families to date. This new feature shows that attackers are trying out new ways to monetize ransomware," Trend Micro researchers said.