New malware that targets Bitcoin wallets identified

Credit: Shutterstock

Damballa Threat Research found a new piece of malware called Pony Loader 2.0 that can be used to steal Bitcoin


Now that there are virtual wallets, there are also virtual pickpockets, according to security company Damballa Threat Research, which recently discovered a new piece of malware being sold on the criminal market that is designed to target and steal Bitcoin wallets.

In a June 24 blog post, Damballa said it received an unknown malware sample for analysis and, after performing certain tests, identified the malware as Pony Loader, also called Fareit, which has long been able to steal sensitive information from a victim’s computer and install additional malware. The malware has previously been used to distribute the P2P Gameover Zeus Trojan. That version, 1.9, had its source code leaked over the internet and has since been modified into Pony Loader 2.0, which targets bitcoin wallets. Damballa said this new version was listed for sale on criminal markets in May, but it has been circulating on the internet since early this year.

“Now that the source is listed for sale, Damballa Researchers expect to see an increase in this type of bitcoin stealing malware with customized capabilities,” Damballa said in its post.

How to protect your virtual wallet

Bitcoin wallets (wallet.dat files) are generally not encrypted by the Bitcoin program by default, according to Bitcoin Wiki. Anyone who obtains an unencrypted wallet can steal from it, so there are encryption programs that can reduce the chance of anyone else gaining access to Bitcoin wallets.
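To check whether a wallet.dat on your own machine is still unencrypted, the following added example (not code from Damballa or from the Bitcoin project) looks for the record tags a legacy Berkeley DB wallet stores and flags files that other local accounts can read. It assumes the legacy wallet.dat layout of the original Bitcoin client, where a passphrase-protected wallet carries `mkey`/`ckey` records and an unprotected one carries `key` records; the result is a heuristic, and the function names are illustrative.

```python
import os
import stat
import sys

# Record-type tags as serialized in a legacy Berkeley DB wallet.dat
# (one length byte followed by the name). Assumption: legacy format only.
MKEY = b"\x04mkey"  # master key record, present once a passphrase is set
CKEY = b"\x04ckey"  # private key encrypted under the master key
KEY = b"\x03key"    # private key stored in the clear


def classify_wallet(data: bytes) -> str:
    """Return 'encrypted', 'unencrypted', 'mixed' or 'unknown' (heuristic)."""
    has_master = MKEY in data
    has_plain = KEY in data
    if has_master and has_plain:
        return "mixed"        # a plaintext key tag is still present: inspect
    if has_master or CKEY in data:
        return "encrypted"
    if has_plain:
        return "unencrypted"
    return "unknown"          # empty file or not a legacy wallet


def audit_wallet(path: str) -> dict:
    """Classify one wallet file and flag modes that expose it to other users."""
    with open(path, "rb") as fh:
        status = classify_wallet(fh.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    exposed = bool(mode & (stat.S_IRWXG | stat.S_IRWXO))
    return {"path": path, "status": status, "mode": oct(mode),
            "group_or_other_access": exposed}


if __name__ == "__main__":
    # Usage: python audit_wallet.py /path/to/wallet.dat [more paths...]
    for p in sys.argv[1:]:
        r = audit_wallet(p)
        bad = r["status"] != "encrypted" or r["group_or_other_access"]
        print(f'{"REVIEW" if bad else "ok":6} {r["status"]:11} {r["mode"]} {r["path"]}')
```

The permission check is meaningful on POSIX systems only; on Windows, review the file's ACL separately.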

According to Damballa, Pony Loader 1.9 and 2.0 include a wordlist used to brute-force user accounts on victims’ computers. The malware looks for private keys associated with Bitcoin accounts and forwards that information to attackers, allowing them to get into unencrypted wallets.

Damballa listed the Bitcoin wallets targeted, which include: Electrum, MultiBit, Litecoin, Namecoin, Terracoin, Bitcoin Armory, PPCoin (Peercoin), Primecoin, Feathercoin, NovaCoin, Freicoin, Devcoin, Frankocoin, ProtoShares, MegaCoin, Quarkcoin, Worldcoin, Infinitecoin, Ixcoin, Anoncoin, BBQcoin, Digitalcoin, Mincoin, Goldcoin, Yacoin, Zetacoin, Fastcoin, I0coin, Tagcoin, Bytecoin, Florincoin, Phoenixcoin, Luckycoin, Craftcoin, Junkcoin and the original Bitcoin client.

“Given the capability to steal stored credentials from a wide variety of software, users should consider storing their passwords and bitcoin private keys using these programs is risky,” Damballa wrote.

Founded in 2006, Damballa is a team of data scientists, innovators and researchers that works to solve security gaps for businesses. The Atlanta, Ga., company helps enterprises prevent loss of data, intellectual property, finances and reputation due to cyber-security breaches. The company said it continues to look into this new malware, but that its solutions can help protect against Pony Loader 2.0.

Photo credit: Shutterstock, pickpocket trying to steal purse

Aviva Gat

About Aviva Gat


Olah Chadasha and former finance reporter from New York City. Gat is a writer, runner and traveler who came to Israel for the good food and weather. She writes for Geektime’s English and global desk.
