New malware variant targets Bitcoin customers
Bitcoin aficionados were hit with a double whammy Wednesday, after China's largest Bitcoin exchange, BTC China Exchange, stopped accepting Chinese Yuan. The same day, security experts warned that a new variant of the Gameover malware, which is based on the Zeus banking Trojan, has begun targeting Bitcoin exchanges.
News of the blocking of Chinese Yuan (a.k.a. renminbi) deposits at Shanghai-based BTC China triggered a Bitcoin selloff, which caused the currency to lose about half of its value, dropping from a high of $1,250 Wednesday to a Bitcoin being offered for sale for just $636. At the Mt Gox exchange, meanwhile, the value of a Bitcoin Wednesday was averaging about $570.
The Chinese central bank's Bitcoin crackdown -- seen by some commentators as the government's attempt to bring the volatile virtual currency under control -- reportedly sparked a retaliatory series of distributed denial-of-service attacks that disrupted the website of the People's Bank of China.
Beyond the wildly fluctuating value of Bitcoins, Bitcoin aficionados should also beware a new version of the Gameover banking malware, which has been updated to steal login credentials for Bitcoin exchanges. That warning was sounded by cybercrime expert Etay Maor, who works for IBM's Trusteeer. He said in an interview that the Bitcoin-targeting malware variant has been active since at least Nov. 29.
"This Gameover variant waits until an infected user attempts to log into the BTC China website," Maor said in a related blog post. "When this occurs, the malware steals the victim's username and password and suspends the session temporarily." That pause is so the malware can launch a social engineering attack against the user, by employing HTML injection to request that the user of the infected PC share the one-time password sent by BTC China to authorize the transaction.
"Once the cybercriminal has the victim's credentials he can easily perform an account takeover and assume control of the Bitcoins associated with the account," Maor said.
The Gameover variant is just the latest attack to be launched against Bitcoin users and exchanges. Many previous attacks have targeted -- and drained -- free e-wallet services that allow people to store their Bitcoins online. One of the virtues of attacking those sites is that if a hacker is successful, he can sell the stolen cryptographic currency anonymously.
"By definition, it won't be traceable," said Maor.
Mathew Schwartz is a freelance writer, editor, and photographer, as well the InformationWeek information security reporter.
http://www.informationweek.com/security/attacks-and-breaches/bitcoin-hit-by-gameover-malware-chinese-crackdown/d/d-id/1113166