Cyber criminals are looking for ways to cash in on the recent surge in the price of Bitcoins, which are now valued at around $137 a pop. This past week, we've witnessed DDoS attacks and database breaches targeting Bitcoin services, and now hackers are spreading malware, via Skype, designed to transform victims' computers into unwitting Bitcoin miners.
Bitcoin is a virtual currency that uses a peer-to-peer system to confirm transactions through public key cryptography. Bitcoins have zero government backing; rather, they're backed by the continued actions of the computing power within the Bitcoin network. The digital currency's value has soared in the wake of Cyprus' economic collapse. The country may become home to the world's first Bitcoin ATM, according to Wired.
Now that interest in Bitcoins has spiked, cyber criminals are cashing in. According to Kaspersky Lab Expert Dmitry Bestuzhev, scammers have launched an ongoing social engineering campaign via Skype; they send messages to contacts, which include links to purported images. Clicking the link results in a malware download. The malware "does many things," according to Bestuzhev, "but one of the most interesting is it turns the infected machine into a slave of the Bitcoin generator."
Specifically, "once the malware is on the victim's machine, it goes about the business of usurping the PC's processing power in the service of mining Bitcoins," explained Dennis Fisher at ThreatPost. "The Bitcoin network relies on a complex system to create each Bitcoin and verify that the currency is valid and being spent by the owner of those Bitcoins. Part of that process requires a lot of processing power, and that's what the attackers behind this malware campaign are after."
The initial dropper detected by Kaspersky is Trojan.Win32.Jorik.IRCbot.xkt. "Once the machine is infected, it drops to the system many other pieces of malware. Downloads come from the Hotfile.com service. At the same time, the malware connects to its C2 server located in Germany," according to Bestuzhev.
Most of the potential victims live in Italy, followed by Russia, Poland, Costa Rica, Spain, Germany, and Ukraine.
The bad guys are also going after Bitcoin exchanges and storage services. On Wednesday, online Bitcoin storage service Instawallet revealed that its database has been fraudulently breached and perpetrators made off with an unspecified number of Bitcoins. The company said it plans to open a claims process for balance holders to recover stolen funds. In the meantime, the company is suspending its service indefinitely until it can develop an alternative architecture. "Due to the very nature of Instawallet, it is impossible to reopen the service as-is," the notice said.
Separately, Tokyo-based exchange Mt. Gox issued a statement Wednesday that it has been targeted with ongoing DDoS attacks, which resulted in trading lags, 502 errors, and users being unable to access their accounts.
The company offered two theories as to why it had been targeted: It may have been an effort to destabilize Bitcoins in general by crippling one of the largest exchanges in the world. Mt. Gox claims to be the largest Bitcoin exchange in the world "with more than 80 percent of all USD trades and more than 70 percent of all currencies."
Alternatively, the DDoS attacks may represent an effort to abuse the system for profit by driving Bitcoin holders to sell off their digital currency in a panic. "Attackers wait until the price of Bitcoins reaches a certain value, sell, destabilize the exchange, wait for everybody to panic-sell their Bitcoins, wait for the price to drop to a certain amount, then stop the attack and start buying as much as they can," read Mt. Gox's announcement.
Notably, this isn't the first time cyber criminals have gone after Bitcoins. Last year, Bitfloor admitted to suffering a heist of 24,000 Bitcoins because someone there left unencrypted wallet keys lying around.
This story, "Cyber criminals look to cash in on Bitcoin's soaring value," was originally published at InfoWorld.com.