
“Pony” botnet pilfers digital coins worth $220,000 in sustained attack

Malware steals digital wallets from infected computers.

A geographic breakdown of computers infected by Pony.
Spider Labs

Criminals have pilfered about $220,000 worth of bitcoins and other digital currencies in a sustained, global attack that uses malware to steal the digital wallets stored on infected computers, researchers said Monday.

The malicious application known as Pony stole the digital loot from 85 wallets from September through January, researchers from security firm Trustwave's Spider Labs division wrote in a blog post. In all, the malware stole coins from at least four different digital currencies, including 355 bitcoins, 280 Litecoins, 33 Primecoins, and 45 Feathercoins. The coins were only a small part of the assets seized by Pony. During the same four-month span, Pony lifted credentials for more than 725,000 accounts. Those user names and passwords controlled access to accounts for websites, e-mail, FTP, secure shell, and remote desktops.

"This instance of Pony compromised 85 wallets, a fairly low number compared to the number of compromised credentials," Spider Labs researcher Daniel Chechik wrote. "Despite the small number of wallets compromised, this is one of the larger caches of Bitcoin wallets stolen from end-users. It is likely that this low number simply reflects the percentage of people actually using bitcoins and storing their wallets on their local machine, which explains why this number seems to grow as Bitcoin becomes more popular."

Pony is the same piece of malware that two months ago was found to have pilfered more than two million passwords and stored them on a server operated by the attackers. The credentials provided access to all kinds of accounts, including those on Facebook, Google, Twitter, and Yahoo. Given the success of collecting sensitive data for such a large range of sites, it was only a matter of time before Pony developers updated their code to target digital wallets.

Pony is only the latest online attack campaign to target digital currencies. High-value Bitcoin heists were hitting exchanges as long ago as September 2012. More recently, attackers have exploited a flaw in the underlying functions of many Bitcoin wallets that can take some exchanges down by inundating them with large numbers of "phantom" transactions.

Malware that steals digital wallets relies on end users who fail to take oft-repeated advice from security experts. Chief among the recommendations is to avoid storing wallets on Internet-connected computers when possible. Security experts have also recommended people use a wallet that is locked with a long, randomly generated password. The wallets contain the private cryptographic keys needed to transfer ownership of bitcoins and other forms of digital currency. Once someone gains access to the private key, he or she takes ownership of the corresponding coins. The decentralized structure of the digital currencies makes it impossible to reverse the transaction.

Pony victims are mostly located in Europe, with 28.5 percent of infected machines in Germany, followed by 11.9 percent in Poland, 10.8 percent in Italy, and 10.2 percent in the Czech Republic.

Listing image courtesy of Malicious Badger.
