April 6, 2013
Kaspersky Lab Discovers Bitcoin-Mining Malware That Targets Skype Users
redOrbit Staff & Wire Reports - Your Universe Online
A new spam message campaign being transmitted via Skype contains malware capable of using an infected computer to mine for Bitcoins, researchers from multi-national security software firm Kaspersky Lab have discovered.
Bitcoins, which Lucian Constantin of IDG News Service describes as “a decentralized digital currency” that has seen its popularity soar since the beginning of the year, are generated according to special algorithms on a computer using their CPU and GPU resources — Bitcoin mining, as it has been dubbed.
The digital currency is currently trading for more than $130 per unit, “making it an attractive investment for legitimate currency traders, but also cybercriminals,” Constantin added.
Hackers have been using botnets and are starting to develop malware capable of generating Bitcoins, and a new campaign was detected by Kaspersky Lab security personnel on Thursday. This new method targets Skype users, using messages like “this is my favorite picture of you” to trick them into clicking on a rogue bit.ly URL.
Clicking on that link begins a malware download which does several different things, including turning the infected computer “into a slave of the Bitcoin generator,” Kaspersky Lab Expert Dmitry Bestuzhev told Ted Sampson of Infoworld. Once the harmful program, which was identified by Constantin as skype-img-04_04-2013.exe, is on an individual´s machine, it begins leeching the computer´s processing power to mine Bitcoins.
The download comes from the Hotfile.com service, and the malware itself connects to its C2 server located in Germany, Bestuzhev said. Sampson said that most of the potential victims reside in Italy, followed by Russia, Poland, Costa Rica, Spain, Germany, and the Ukraine. In addition, VentureBeat reports that the Trojan is receiving nearly 2,000 clicks per hour.
“The bad guys are also going after Bitcoin exchanges and storage services,” Sampson said. “On Wednesday, online Bitcoin storage service Instawallet revealed that its database has been fraudulently breached and perpetrators made off with an unspecified number of Bitcoins.
“The company said it plans to open a claims process for balance holders to recover stolen funds. In the meantime, the company is suspending its service indefinitely until it can develop an alternative architecture,” he added. “Separately, Tokyo-based exchange Mt. Gox issued a statement Wednesday that it has been targeted with ongoing DDoS attacks, which resulted in trading lags, 502 errors, and users being unable to access their accounts.”