In recent days, many Bitcoin owners have reported on BitcoinTalk that they have received suspicious emails designed to steal some of their Bitcoins. Security researchers have analyzed the attack and provided more details.
According to LogRhythm, the attack begins with an email message with the subject "Wallet Backup." The message says:
“I did exactly what you told me to do, but the problem remains: entering the private key does not work, and it is driving me crazy!
Thanks for your help. I'll send wallet.dat with my code [abbreviated URL]. If you need something else, tell me. If you can finally enter the key, send me the BTC to the account: 1DxFvJ6up9jXAZ9pkUmWVdiMTWvsjgB5Ea
You will help a lot. Thanks David!”
The link points to a web page set up to “serve” a file named “Backup.zip.” The archive contains several files, but only two of them are visible: Password.txt.lnk and wallet.dat.
When the link file is run, it appears to open a txt file containing a password. However, a malicious executable file has also started running in the background.
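A defender-side check for the archive layout described above, as an added example that is not from the original article or from LogRhythm: it lists a ZIP's entries and flags those carrying the hidden attribute, as well as shortcut or executable files sitting behind a harmless-looking extension. The extension lists and the hidden entry's name `payload.exe` are assumptions, and the sample archive is constructed with inert text contents.

```python
import io
import zipfile
from pathlib import PurePosixPath

# File types Windows launches or resolves on double-click (assumed, non-exhaustive).
LAUNCHABLE = {".lnk", ".exe", ".scr", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Harmless-looking extensions placed in front of the real one as a decoy (assumed).
DECOY = {".txt", ".pdf", ".doc", ".docx", ".jpg", ".png", ".dat"}
DOS_HIDDEN = 0x02  # MS-DOS "hidden" attribute bit in the low byte of external_attr


def triage_archive(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) findings for a ZIP archive given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            # Entries a default Explorer view would not show to the recipient.
            if info.external_attr & DOS_HIDDEN:
                findings.append((info.filename, "hidden attribute set"))
            # "Password.txt.lnk" style: the last extension decides what actually runs.
            if len(suffixes) >= 2 and suffixes[-1] in LAUNCHABLE and suffixes[-2] in DECOY:
                findings.append((info.filename, "decoy double extension"))
            elif suffixes and suffixes[-1] in LAUNCHABLE:
                findings.append((info.filename, "launchable file type"))
    return findings


def build_sample() -> bytes:
    """Constructed archive mirroring the described layout; all contents are inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Password.txt.lnk", "placeholder, not a real shortcut")
        zf.writestr("wallet.dat", "placeholder, not a real wallet")
        hidden = zipfile.ZipInfo("payload.exe")  # hypothetical name for a hidden entry
        hidden.external_attr = DOS_HIDDEN
        zf.writestr(hidden, "placeholder, not executable")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in triage_archive(build_sample()):
        print(f"{name}: {reason}")
```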
The malware waits for the victim to open a Bitcoin wallet with the Bitcoin-Qt software. While victims believe that they will "get their hands on" 30 BTC, they will in fact have their own wallets emptied.
LogRhythm has found that the abbreviated URL has been followed by at least 1,674 people. Most of the victims of this attack are in the United States.
For more technical details about the attack and the malware used by the attackers, see the LogRhythm blog.