By Adam McNeil


With all the recent media coverage and the extreme swings in the BitCoin value, it should come as no surprise that malware authors are trying to capitalize on the trend. These people attempt to make money on all sorts of digital transactions, and it’s probably a safe bet to expect their rapid expansion into the up-and-coming digital currency market.

The Webroot Threat Research Department has already seen many malware campaigns targeting BitCoin users. The recent explosion (and subsequent implosion) of the BitCoin value has accelerated the demand for custom compiled BitCoin harvesters, and the malware authors are happy to oblige.

More details:

We have recently uncovered source code for a BitCoin Jacker that, once deployed, will search the computer for BitCoin wallet files and subsequently transmit the data back to the attacker. The author of this software encourages its users to plunder BitCoin wallet files and then post them to “public” servers so that others can pilfer the contents, but also throws in a simple request to send the author money should the attacker get ‘rich’.


BitCoin users will know that the wallet file is typically encrypted to try to prevent unauthorized access to its contents, but this is just a small obstacle for an experienced attacker. Weak passwords (passwords containing words that are in the dictionary, or passwords that do not contain a mixture of upper case and lower case letters, numbers and symbols) are easily cracked using any number of brute force hacking tools. Or, to avoid the tedious task of password cracking, others will simply bind this custom compiled BitCoin Jacker to a crypted keylogger (such as the Private Keylogger that was recently blogged by resident blogger Dancho Danchev) and then deploy the entire payload to unsuspecting users in the hope of collecting not only the wallet file, but also the encryption key that goes with it.

So what can BitCoin investors do to protect their wealth?

By far the safest way to protect your wallet file is to combine a strong encryption password with offline storage of the .wallet file, and to ensure that your system is secure and free of viruses and other types of malware. The Wiki has a great write-up on various methods of securing the wallet file and of keeping the system secure. BitCoin users who may be unfamiliar with BitCoin security or the threats posed to their financial data would benefit from following the suggestions listed on its “Securing Your Wallet” Wiki page.
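The two weak-password criteria described earlier (dictionary words, and a missing mix of character types) can be turned into a check to run on a wallet passphrase before relying on it. This is an added example, not code from Webroot or the BitCoin project; the word list is a constructed sample, and undoing common character substitutions before the dictionary lookup is an assumption that goes slightly beyond the wording above.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "bitcoin", "wallet", "dragon", "monkey", "letmein"}

# Common character substitutions undone before the lookup (assumption, not from the page).
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"}
)
MIN_WORD_LEN = 4  # skip very short words to limit false positives


def dictionary_hits(passphrase, words=SAMPLE_WORDS):
    """Dictionary words found in the passphrase, as typed or with substitutions undone."""
    lowered = passphrase.lower()
    candidates = (lowered, lowered.translate(SUBSTITUTIONS))
    return sorted(
        w for w in words
        if len(w) >= MIN_WORD_LEN and any(w in c for c in candidates)
    )


def missing_classes(passphrase):
    """Character classes (upper, lower, digit, symbol) absent from the passphrase."""
    checks = [
        ("lower case", str.islower),
        ("upper case", str.isupper),
        ("digit", str.isdigit),
        ("symbol", lambda c: c in string.punctuation),
    ]
    return [name for name, test in checks if not any(test(c) for c in passphrase)]


def audit_passphrase(passphrase, words=SAMPLE_WORDS):
    """Return a list of findings; an empty list means neither criterion was triggered."""
    findings = [f"contains dictionary word: {w}" for w in dictionary_hits(passphrase, words)]
    findings += [f"no {name} character" for name in missing_classes(passphrase)]
    return findings


if __name__ == "__main__":
    # Constructed sample passphrases.
    for sample in ("bitcoin", "P@ssw0rd1!", "MyW4ll3t2013", "xK7#qTz9!mVb"):
        print(sample, "->", audit_passphrase(sample) or "no findings")
```

A passphrase such as `P@ssw0rd1!` has all four character classes yet is still flagged, because the dictionary word survives the substitutions.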

Just remember that malware authors are always on the hunt for the latest trend that can produce a profit. And with regard to the current BitCoin trend, you can be sure that the malware authors are currently asking the question (to borrow a slogan from a major credit card company): “What’s in Your Wallet?”

Webroot SecureAnywhere users are proactively protected from this threat.

About the Author

Grayson Milbourne

Sr. Intelligence Director

Grayson Milbourne is the Security Intelligence Director at Webroot where he has worked for the past 14 years. In his current role, Grayson works to support the Product Management team to ensure Webroot products are effective against today’s most advanced threats.
