
Researchers find more than 100 malware families targeting bitcoin

27 February 2014

The rise of bitcoin over the last year has piqued the interest of cybercrooks, who have created more than 100 unique families of malware designed to steal virtual currencies, according to Dell SecureWorks.

The crypto-currency community is currently reeling from news that troubled exchange Mt. Gox appears to have lost nearly 750,000 bitcoins - worth hundreds of millions of dollars - to malleability-related theft.

While the Mt. Gox case may be unusual for its scale, research from Dell SecureWorks suggests that theft is rife as crooks look to cash in on the skyrocketing value of bitcoin and other currencies.

The research shows that the number of Windows-compatible cryptocurrency-stealing malware (CCSM) families has broadly tracked bitcoin's value, shooting up over the last six months.

The most common type of CCSM is the wallet stealer, which searches for well-known wallet software key storage locations, either by checking known file locations or by searching all hard drives for matching filenames. Typically, the file is uploaded to a remote FTP, HTTP, or SMTP server where the thief can extract the keys and steal the coins by signing a transaction, transferring the coins to their address.

Many wallet-stealer families also steal credentials for Web-based wallets, such as Bitcoin exchanges. Although several exchanges have implemented two-factor authentication using one-time PINs to combat unauthorised account logins, advanced malware can bypass this by intercepting the OTP as it is used and creating a second hidden browser window to log the thief into the account from the victim's computer.

The researchers also warn that once malware is installed on a computer there is a good chance it will fail to be spotted, with an average unweighted detection rate across major antivirus providers of a little under 50%.

With two-factor authentication and antivirus software largely ineffective at protecting virtual currency holders, Dell SecureWorks suggests using alternative wallets such as Armory and Electrum, which can protect against theft-by-malware by using a tricky split arrangement for key storage.

Splitting involves one computer, disconnected from any network, running a copy of the software and holding the private key that can sign transactions, while a second PC connected to the Internet holds only a master public key and the knowledge of which addresses belong to the offline wallet.

The online computer can generate transactions, but it cannot sign them because it does not have the private key. A user wishing to transfer coins generates an unsigned transaction on the online computer, carries the transaction to the offline computer, signs the transaction, and then carries it back to the online computer to broadcast the transaction to the Bitcoin network.

Comments: (1)

Bo Harald - ZEF and Real Time Economy Program - Helsinki region | 27 February, 2014, 21:05

High price to pay for some convenience. Reasons for traditional service providers to move to more real time services - and rightly demand KYC and equal regulatory playfield.

Regulators - step in! Or do we have to wait for really big disasters?
