Over the past few days, many Bitcoin owners have reported on BitcoinTalk that they received suspicious emails designed to steal their Bitcoins. Security researchers have analyzed the attack and provide more details.
According to LogRhythm, the attack begins with an email message with the subject "Wallet Backup." The message says:
“Hi David
I did exactly what you told me to do, but the problem remains: the introduction of the private key does not work and it's crazy!
Last time I looked blockchain.info still had 30.28020001 BTC on my account. But the bitcoinqt client doesn't load the key so I can't access my BTCs.
Thanks for your help. I'll send wallet.dat with my code [abbreviated URL]. If you need something else, tell me. If you can finally enter the key, send me the BTC to the account: 1DxFvJ6up9jXAZ9pkUmWVdiMTWvsjgB5Ea
You will help a lot. Thanks David!”
The link leads to a webpage set up to serve a file named "Backup.zip." The archive contains several files, but only two of them are visible: Password.txt.lnk and wallet.dat.
When the link file is run, it appears to open a text file containing a password. In the background, however, a malicious executable file has started running.
The malware waits for the victim to open a Bitcoin wallet using the Bitcoin-Qt software. While victims believe that they will "get their hands on" 30 BTC, they will in fact have their own wallets emptied.
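A defender can triage an archive like this before anyone opens it. The following Python sketch is an added example, not code from LogRhythm or the original report: it flags shortcut or script files hiding behind a document-style extension and entries carrying the DOS hidden attribute. The sample archive is constructed in memory with placeholder content, and the name `hidden_item.bin` is hypothetical.

```python
import io
import zipfile

DOS_HIDDEN = 0x02  # FILE_ATTRIBUTE_HIDDEN, stored in the low byte of external_attr
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".jpg", ".png"}
LAUNCH_EXTS = {".lnk", ".exe", ".scr", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def triage_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) pairs for archive members worth a closer look."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1].lower()
            parts = name.rsplit(".", 2)
            last = "." + parts[-1] if len(parts) > 1 else ""
            inner = "." + parts[-2] if len(parts) == 3 else ""
            if last in LAUNCH_EXTS and inner in DECOY_EXTS:
                findings.append((info.filename, "double extension hides " + last))
            elif last in LAUNCH_EXTS:
                findings.append((info.filename, "launchable file type " + last))
            # DOS attribute bits are only meaningful for entries created on a DOS/Windows host
            if info.create_system == 0 and info.external_attr & DOS_HIDDEN:
                findings.append((info.filename, "hidden attribute set"))
    return findings

def build_sample() -> bytes:
    """Constructed stand-in for the archive layout described above (no real payloads)."""
    buf = io.BytesIO()
    entries = [("Password.txt.lnk", False), ("wallet.dat", False),
               ("hidden_item.bin", True)]  # hypothetical name for a hidden member
    with zipfile.ZipFile(buf, "w") as zf:
        for name, hidden in entries:
            zi = zipfile.ZipInfo(name)
            zi.create_system = 0  # mark as created on DOS/Windows
            zi.external_attr = DOS_HIDDEN if hidden else 0
            zf.writestr(zi, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for entry, reason in triage_zip(build_sample()):
        print(f"{entry}: {reason}")
```

Windows hides the `.lnk` extension in Explorer by default, which is why the shortcut passes for a text file; listing the archive this way shows the real type.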
LogRhythm has found that the abbreviated URL has been opened by at least 1,674 people. Most of the victims of this attack are in the United States.
For more technical details about the attack and the malware used by the attackers, see the LogRhythm blog.