Computer security firm Dell SecureWorks has managed to identify 146 types of bitcoin malware in the wild.
The company’s researchers found the distinct breeds of malware had been specifically designed to steal bitcoins – a number of them presenting quite a danger to owners with coins stored either online or on their computers.
The firm concluded that the number of Windows-compatible cryptocurrency stealing malware (CCSM) strains has gone up in line with bitcoin’s increase in value.
The total of 146 strains is up from 45 a year ago, and 13 two years ago, the researchers say. The biggest spike came after bitcoin briefly broke the $1,000 mark late last year.
Cyber criminals tend to pursue high-growth markets. There has been a lot of focus on smartphones lately, and bitcoin is an obvious target on more than one level.
While most smartphone malware will steal personal info and cause various problems, bitcoin-targeted strains offer the added benefit to the criminals of stealing money with relative ease, and it appears that many can’t resist the allure of bitcoiners’ digital wallets.
Wallets in their sights
The most common type of CCSM is designed to go after digital wallets, for obvious reasons. The malware searches infected computers for wallet software – either by looking in specific locations or by searching all drives found on the system.
Once a wallet is located, the malware uploads it to a remote server, allowing the attacker all the time they need to crack the keys and steal the coins.
Many strains also log the victim’s key strokes, so the attacker does not even have to bother with any cracking. The keylogger provides all the passwords and credentials they will need to pull off a successful heist.
Some malware strains even trick people into sending bitcoins to the attacker.
These types detect when a bitcoin address is copied to the clipboard and put a different one in its place. When the user tries to paste the original during a bitcoin transaction, the substitute address is inserted and the funds are sent to the attacker.
This is also the most sophisticated angle of attack employed by the malware creators, as it does not require data to be sent to a remote server and can operate autonomously, making it much more challenging to detect.
Just recently, the Pony botnet managed to steal $220,000 worth of bitcoins from 30 different types of digital wallets.
Although two-factor authentication is proving very popular in the bitcoin world, it is still vulnerable to attack. It does offer an added level of security, but advanced malware can successfully fool it.
Several exchanges are using two-factor authentication using one-time PINs, but some malware developers are one step ahead, with CCSM strains that can detect such systems and intercept the PIN as it is used. They then open a hidden browser window and simply log in from the victim’s computer.
Another issue of concern is that Dell SecureWorks found that standard antivirus scanners were incapable of detecting roughly 50% of the CCSMs in circulation.
Unsurprisingly, Windows is by far the most popular platform for CCSM developers.
Researchers found that 99% of active bitcoin malware is targeted at Windows users, so those running Mac OS X or Linux are in a much more secure position.
Mac owners shouldn’t relax completely, however – most of the efforts to protect users from malware are aimed at Windows systems too, and the arrival of a serious malware threat could be bad news.
There is no word from the researchers on how Android and other mobile operating systems are affected by malware.
Many users overlook security on their mobile devices, but it should be pointed out that Android is by far the most popular platform for mobile malware developers.
Along with the facts that Apple does not allow bitcoin apps, and that many bitcoin users who need a mobile wallet are turning to Android, this sounds like a huge threat in the making for those using that platform.
Of course, don’t forget that there are plenty of cold storage solutions out there too. Or you could even use the CoinDesk guide to make a paper wallet for your bitcoins.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.