Damballa Threat Research found a new piece of malware called Pony Loader 2.0 that can be used to steal Bitcoin
Now that there are virtual wallets, there are also virtual pickpockets, according to security company Damballa Threat Research, which recently discovered a new piece of malware being sold on the criminal market that is designed to target and steal Bitcoin wallets.
In a June 24 blog post, Damballa said it received an unknown malware sample for analysis and, after performing certain tests, identified the malware as Pony Loader, also called Fareit, which has long been able to steal sensitive information from a victim’s computer and install additional malware. The malware has previously been used to distribute the P2P Gameover Zeus Trojan. That version, 1.9, had its source code leaked on the internet and has since been modified into Pony Loader 2.0, which targets bitcoin wallets. Damballa said this new version was listed for sale on criminal markets in May, but it has been circulating on the internet since early this year.
“Now that the source is listed for sale, Damballa Researchers expect to see an increase in this type of bitcoin stealing malware with customized capabilities,” Damballa said in its post.
How to protect your virtual wallet
Bitcoin wallets (wallet.dat files) are generally not encrypted by the Bitcoin program by default, according to Bitcoin Wiki. Anyone who obtains an unencrypted wallet file can steal its contents, so there are encryption programs that reduce the chance of anyone gaining access to a Bitcoin wallet.
According to Damballa, Pony Loader 1.9 and 2.0 include a wordlist used to brute-force user accounts on victims’ computers. The malware looks for private keys associated with Bitcoin accounts and forwards that information to the attackers, allowing them to get into unencrypted wallets.
Damballa listed the Bitcoin wallets targeted, which include: Electrum, MultiBit, Litecoin, Namecoin, Terracoin, Bitcoin Armory, PPCoin (Peercoin), Primecoin, Feathercoin, NovaCoin, Freicoin, Devcoin, Frankocoin, ProtoShares, MegaCoin, Quarkcoin, Worldcoin, Infinitecoin, Ixcoin, Anoncoin, BBQcoin, Digitalcoin, Mincoin, Goldcoin, Yacoin, Zetacoin, Fastcoin, I0coin, Tagcoin, Bytecoin, Florincoin, Phoenixcoin, Luckycoin, Craftcoin, Junkcoin and the original Bitcoin client.
“Given the capability to steal stored credentials from a wide variety of software, users should consider storing their passwords and bitcoin private keys using these programs is risky,” Damballa wrote.
Founded in 2006, Damballa is a team of data scientists, innovators and researchers that works to solve security gaps for businesses. The Atlanta, Ga., company helps enterprises prevent loss of data, intellectual property, finances and reputation due to cyber-security breaches. The company said it continues to look into this new malware, but that its solutions can help protect against Pony Loader 2.0.