Even when the famous Bitcoin Mt.Gox exchange fell victim to online robbery, the coin-currencies continue to be popular. The rapid increase in the value of virtual crypt coins such as Bitcoin makes them quite attractive to thieves, and of course it is now necessary for users to start taking additional measures to secure their online / offline wallets.
There are currently more than 100 different malware families targeting user wallets and transactions to steal Bitcoins and 40 other cryptocurrencies such as Litecoin, Flexcoin, and more, as Dell SecureWorks researchers reported during the RSA Conference last week. About 80 of them appeared during the last year, when the value of Bitcoin reached $1.000.
While there are some types of malware that are specifically designed to steal digital coins, most of them are based on generic malware designed to steal coins and are modified according to the type of cryptocurrency that its developer wants to steal, said Joe Stewart. Director of Dell SecureWorks Malware Research. When malware can already steal login credentials on online banking websites, modifying to grab the credentials of online wallets and transactions is not technically difficult. Most of the thieves who write them are "script kiddies," the researcher said.
In reality, malware and the tools that can be used to build it are not overly complex and are widely available. For example, the most popular malware PredatorPain which is responsible for a third of all attempts to steal Bitcoins, costs as little as $35 on underground forums. "A novice developer could create something that would steal Bitcoins," said Pat Litke, a consulting security analyst from Counter Dell SecureWorks Threat Unit.
Why Do They Target Bitcoins?
Bitcoin is a form of open-source crypto-coin circulating from 2009 from a dark figure (previously) called Satoshi Nakamoto. Often the preferred payment method for the purchase of drugs and other illegal services, Bitcoin is now accepted by more than 3.000 legitimate traders. Each transaction is recorded on a blockchain, a global public display, but the names of the participants are not stored. People send and receive virtual currencies through online shopping, or "trading". Until recently, Mt.Gox was the largest Bitcoin exchange.
Thieves steal Bitcoins and other forms of cryptocurrency with wallet-stealing malware, credential-stealing malware, and man-in-the-browser attacks, Stewart and Litke said.
"While it takes a lot of effort to launder money from credit cards and bank accounts, there is no need for Bitcoins," Stewart said. It is much easier to redeem money from stolen wallets than to withdraw money from bank accounts that have been breached.
When Malware Attacks
Since Bitcoins are stored in a digital wallet, which can be either in the cloud or on a user's computer, the most common and effective types of malware are wallet-stealers. This type of malware searches for the "wallet.dat" file or other common filenames commonly used on the user's computer and then transfers them to a remote server. The thieves then take the user's key out of the wallet and transfer the funds to a different wallet that belongs to them.
Exchanges are also clearly easy to crack with credential-stealing malware that monitors and records login details as the user trying to connect to the exchange. Even if the website has two-factor authentication, Stewart and Litke reported that more advanced forms of the malware can intercept the One-Time-Password as it is being used, reports securitywatch.pcmag.com.
Με την επίθεση τύπου man-in -the-browser, το κακόβουλο λογισμικό παρακολουθεί το πρόχειρο του υπολογιστή (clipboard). Όταν ο χρήστης αντιγράφει μια διεύθυνση Bitcoin για να την επικολλήσει, το κακόβουλο λογισμικό αντικαθιστά το string με τη διεύθυνση Bitcoin του κλέφτη, είπε ο Litke. Δεδομένου ότι κανείς δεν μπορεί να συγκρατήσει τα αναγνωριστικά των wallets με την πρώτη ματιά, οι περισσότεροι χρήστες δεν θα παρατηρούν ότι η διεύθυνση έχει αλλάξει και στέλνουν τα νομίσματα σε λάθος παραλήπτη. Δυστυχώς, δεν υπάρχει κανένας τρόπος για να αναστρέψουν την συναλλαγή.
Keeping currencies safe
When Mt.Gox, the oldest and probably the best-known Bitcoin exchange, bankrupt 26 in February, revealed that the thieves had taken about 744.000 Bitcoins, an amount valued at about 475 million dollars.
In case you think you can only rely on your antivirus to keep malware away, Dell SecureWorks experts claim that the average detection rate for these malware families in all the antivirus tools on the market was just 48%. Users will simply have to learn to operate as they would if their system were not malware-free and constantly take extra steps to secure their wallets and accounts.
SecureWorks recommends users use hardware wallets, on USB or computers that are not connected to the internet. Transactions in this way may be slower, but it is better to have a slow transaction than a transaction that will lead to theft of your currencies.
