A couple of new malware viruses with the ability to retrieve private CPU information without the user noticing have been detected by researchers on the Google Project Zero team. These are named Spectre and Meltdown, and could steal passwords and private keys using the processor of numerous computers.

While one program should not normally be able to read data from another program, using one of these viruses makes it possible to obtain information stored in the memory of a different application. This may include pre-loaded passwords in browsers, photos, videos, emails, documents, and even wallet keys in your computer.

Modern processors operate with a scheme called Branch Prediction Unit. Basically, the computer's processor creates certain predictions according to the user's movements, in order to anticipate what the next step will be when an application is used. The processor tries to learn the logical sequence of the program to guess with the minimum failure rate whether a jump will be taken or not.

The prediction scheme described above allows the information to be processed quickly and efficiently, since when the decision is made about what to do, you have the way forward. The disadvantage of this type of programming is that sensitive user information can be stored in predictions and exploited by this type of malware.

Both Meltdown and Spectre can operate on desktops, laptops, mobile devices and cloud servers. They both use the computer's processor to infiltrate. They are virtually undetectable and are rarely recognized by antivirus software. Also, because of its structure, it is difficult to know when a computer has been infected.

Intel, AMD and ARM brand processors are vulnerable, according to Project Zero. Up to now, devices with Android, Linux, Windows and OS X operating systems are known to attack, but almost all modern devices operate with this type of processor, so the magnitude of the consequences of this problem is unknown.

As for safeguarding private keys to the wallets of cryptomoney, the first recommendation is to make use of cold wallets, such as those produced by Trezor and Ledger. These are not vulnerable to the above-mentioned attacks because viruses need Internet access to spread. Ledger explained that whenever security recommendations are followed, even when the computer is affected by the virus, the portfolio is protected.

Cold wallets store the user's private keys on a chip and never leave it, they are only accessed with permission. Notwithstanding this, it is recommended not to share the device's pin, check the address to which the cryptocurrencies will be sent and install the application only from the company's official site.

If you do not have a portfolio of such cryptocurrencies (hardware wallet) handy, the general recommendation offered by MyEtherWallet members is to update the operating system and browsers as soon as possible. Particularly Google Chrome users are advised to configure it to isolate websites. This is a new security option that provides the browser with a second line of defense to protect your computer from potential malware attacks spread through web pages.

Finally, there are patches to improve security after a Spectre or Meltdown attack and they can be installed depending on the malware in Linux, Windows and OS X operating systems. Meltdown differs from Spectre in that it breaks the mechanism that prevents applications from accessing places in the system's arbitrary memory. Spectre on the other hand "tricks" applications to enter arbitrary locations of their memories.

This is not the first virus that could endanger the integrity of cryptocurrencies portfolios. Quant Trojan malware has been updated in its design to look for bitcoin and other cryptoactive portfolio credentials. The team of researchers who tracked the virus said this is an evolution that was responsible for distributing and infecting computers with ransomware Locky and Pony, and is available for purchase in underground Internet forums in Russia.