BitCoin Jackers Ask: “What’s in Your Wallet?”


By Adam McNeil

[Image: BitCoinJacker-StealMeMoney]

With all the recent media coverage and extreme changes of the BitCoin value, it should come as no surprise that malware authors are trying to capitalize on the trends.  These people attempt to make money on all sorts of digital transactions and it’s probably a safe bet to expect their rapid expansion into the up-and-coming Digital Currency market.

The Webroot Threat Research Department has already seen many malware campaigns targeting BitCoin users.  The recent explosion (and subsequent implosion) of the BitCoin value has created demand for custom compiled BitCoin harvesters, and the malware authors are happy to oblige.

More details:

We have recently uncovered source code for a BitCoin Jacker that, once deployed, will search the computer for BitCoin wallet files and subsequently transmit the data back to the attacker.  The author of this software encourages its users to plunder BitCoin wallet files and then post them to “public” servers so that others can pilfer the contents – but also throws in a simple request to send the author money should the attacker get ‘rich’.

[Image: BitCoinJacker-Code]

BitCoin users will know that the wallet file is typically encrypted to prevent unauthorized access to its contents, but this is only a small obstacle for an experienced attacker.  Weak passwords (passwords made of dictionary words, or passwords that do not mix upper case and lower case letters, numbers and symbols) are easily cracked using any number of brute force tools.  Others skip the tedious task of password cracking altogether: they bind this custom compiled BitCoin Jacker to a crypted keylogger (such as the Private Keylogger recently blogged about by resident blogger Dancho Danchev) and deploy the combined payload to unsuspecting users, hoping to collect not only the wallet file but also the passphrase that decrypts it.

So what can BitCoin investors do to protect their wealth?

By far the safest method to save your wallet file is by utilizing a combination of strong encryption passwords and offline storage of the .wallet file as well as to ensure that your system is secure and free of viruses and other types of malware.  The bitcoin.it Wiki has a great write-up regarding various methods to secure the wallet file as well as ensuring the system is secure.  BitCoin users who may be unfamiliar with BitCoin security or the threats posed to their financial data would benefit by following the suggestions listed on their “Securing Your Wallet” Wiki page.
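Because the BitCoin Jacker described above has to read the wallet file before it can transmit it, a defender can watch for exactly that behaviour. The following is an added example, not code from the article or from Webroot: it runs simple detection logic over constructed file-access and network log lines, flagging any process that opens a wallet file without being an expected wallet client and noting whether that same process then connects out. The allow-list of wallet client names, the log format and the sample events are all assumptions made for this example.

```python
import re

# Assumption: processes expected to open the wallet file.
ALLOWED_WALLET_PROCESSES = {"bitcoin-qt.exe", "bitcoind.exe"}

# Wallet file names this example looks for: the Bitcoin client's default
# wallet.dat plus the ".wallet" suffix the article mentions.
WALLET_FILE_RE = re.compile(r"(?:^|[\\/])(wallet\.dat|[^\\/]+\.wallet)$", re.IGNORECASE)

# Constructed sample events (not real logs): one legitimate wallet read,
# one unknown binary reading two wallet files and then connecting out.
SAMPLE_LOG = "\n".join([
    r"2013-04-16T10:02:11Z pid=1204 image=C:\Program Files\Bitcoin\bitcoin-qt.exe op=read path=C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat",
    r"2013-04-16T10:03:40Z pid=2210 image=C:\Users\alice\AppData\Local\Temp\svchots.exe op=read path=C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat",
    r"2013-04-16T10:03:41Z pid=2210 image=C:\Users\alice\AppData\Local\Temp\svchots.exe op=read path=D:\backup\savings.wallet",
    r"2013-04-16T10:03:42Z pid=2210 image=C:\Users\alice\AppData\Local\Temp\svchots.exe op=connect dst=203.0.113.10:8080",
    r"2013-04-16T10:05:00Z pid=3300 image=C:\Windows\explorer.exe op=read path=C:\Users\alice\Documents\notes.txt",
])

# Assumed log line shape: "<ts> pid=<n> image=<path> op=<read|connect> <key>=<value>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>.+?) op=(?P<op>\w+) (?P<key>\w+)=(?P<val>.*)$"
)

def parse_line(line):
    """Parse one event line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def detect_wallet_theft(log_text):
    """Return one alert per process that read a wallet file without being an
    allowed wallet client. 'exfil_to' is set if that process later connected out."""
    suspects = {}  # pid -> alert dict
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        image_name = ev["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        if ev["op"] == "read" and WALLET_FILE_RE.search(ev["val"]):
            if image_name in ALLOWED_WALLET_PROCESSES:
                continue  # expected wallet client; not suspicious on its own
            alert = suspects.setdefault(
                ev["pid"], {"pid": ev["pid"], "image": ev["image"], "files": [], "exfil_to": None}
            )
            alert["files"].append(ev["val"])
        elif ev["op"] == "connect" and ev["pid"] in suspects:
            suspects[ev["pid"]]["exfil_to"] = ev["val"]  # wallet reader now talking to the network
    return list(suspects.values())

if __name__ == "__main__":
    for alert in detect_wallet_theft(SAMPLE_LOG):
        print(alert)
```

On the sample above only the unknown Temp binary is reported, with both wallet paths it read and the outbound destination it contacted afterwards.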

Just remember that malware authors are always on the hunt for the latest trend that can produce a profit.  And with regard to the current BitCoin trend, you can be sure that the malware authors are currently asking the question (to borrow a slogan from a major Credit Card company): “What’s in Your Wallet?”

Webroot SecureAnywhere users are proactively protected from this threat.


About the Author

Name: Grayson Milbourne
Role: Threat Team Member

Grayson Milbourne is the Security Intelligence Director for Internet security company Webroot. Over the past nine years Milbourne has worked in various areas of the company, spending the past seven years focused on threat analysis. His areas of security intelligence expertise range from mobile to reversing to automation to cloud security. Grayson is also an avid participant in the security community and drives awareness of current threats by speaking at major events such as RSA and Virus Bulletin. Most recently, Grayson has been focusing on the growth of mobile malware and the risks associated with BYOD. Additionally, he writes and provides technical review for the Webroot blog.


Trackbacks

  1. [...] that Internet is full of news related to malware designed to steal Bitcoin, recently Webroot blog wrote an article on malicious codes attempt to make money on all sorts of digital transactions, the [...]

  2. [...] Department of Defense concluded that his invention could be a national security threat in the wrong hands and slapped Gold’s patent application with a so-called “secrecy order” in [...]

  3. [...] like Webroot picked up my source code for an article ::HERE::. This is a screen shot of my Assembly code for Robin [...]

  4. [...] international underground market proposition, detailing the commercial availability of a stealth Bitcoin miner, feature screenshots of the actual DIY miner generating tool, screenshots provided by happy [...]