Bitcoin-themed malware 'rising sharply'

Experts are warning users to expect a steep rise in Bitcoin-themed malware attacks after Arbor Networks discovered a new virus called Bitcoin Alarm.

The latest virus is based on spam emails that take users to a website called bitcoin-alarm.net. This promises them a Windows app that will send them the latest Bitcoin prices via SMS. But the download contains a Trojan which Arbor research analyst Kenny MacDermid, who discovered the malware, said is designed for stealing login information, and is likely in this case being used to steal Bitcoins.

MacDermid reported the malware domain name and it is now detected by Scumware. But he warned that the attack is part of an upsurge in Bitcoin-themed viruses.

Bitcoin spam increase

He told SCMagazineUK.com: “We do see this type of malware as a growing trend. In fact, we're seeing a lot more Bitcoin-related spam. Spam messages are pretty commonly sent to everyone in the #bitcoin channel on the Freenode IRC network, which wasn't happening when the price was US $100 (£61).”

Cyber security experts at Ernst & Young (EY) agree that extensive press coverage of the skyrocketing value of Bitcoins is leading to an increase in related attacks.

Matthew Rees, assistant director in EY's fraud investigation and dispute services team, told SCMagazineUK.com: ““I would strongly expect there to be more of this kind of thing happening in the future simply because Bitcoin is so much in the news now.”

Rees added: “Bitcoin is a very interesting technology that may well open up whole new avenues of trading, of people being able to use micro-payments. But that's not what's in the press at the moment, it's that these things have rocketed in value from virtually nothing a year ago to US $1,000 a piece now. So there's advantage being taken of that noise.”

EY executive Roger Willis warned that the key vulnerability with Bitcoins is the wallet.dat file which contains the owner's public addresses and associated private keys. “If a hacker gets control of the private keys and knows the pubic addresses then they can spend the coins,” he told SCMagazineUK.com. “People don't realise that they can quite easily get malware on their computer and the Bitcoins can be gone underneath their nose and they won't even know about it.”

Encryption protection

Willis said users should protect themselves by encryption: “The wallet.dat file is not encrypted. However the latest version of the software does allow for encryption. People may not opt for that but they definitely should do.”

He added: “One should hold significant holdings of bitcoins offline in cold storage - I personally hold my bitcoins offline on a USB stick which is encrypted.”

And he advised: “Back up your wallet, erase any plain text wallets that are not encrypted on non-volatile storage like a hard disk or a solid state hard drive. Use hardware wallets and paper wallets. With a paper wallet you essentially write down your public and private keys on paper; and a hardware wallet is essentially like a little computer that you can use to spend bitcoins – the advantages of those are that they're immune to viruses, malware, there's little chance there'll be a security breach of those.”

* Another Bitcoin threat has been revealed by security expert Graham Cluley. In a 12 December blog post he warned of a hoax advert that tells Apple Mac users their computer has a feature which enables it to be used as a Bitcoin mining machine. The advert offers users instructions on how to unlock this feature but in reality the malware wipes all of their data, Cluley said.

This article originally appeared at scmagazineuk.com