Malware targets bitcoin site login data

Hackers are targeting the login data entered into bitcoin wallet sites using Dyreza, a credential-stealing malware, two security firms have noted.

Trend Micro and ThreatTrack Security observed the malware campaign, which preys on users running vulnerable versions of Adobe Reader and Acrobat.

Trend Micro threat response engineer Rika Joi Gregorio covered the campaign in a blog post last week, noting that the attackers were exploiting an old vulnerability in Adobe Reader and Acrobat, tracked as CVE-2013-2719. The exploit furthers the spread of the malware, which is known for malicious behaviour such as “man-in-the-middle (MitM) attacks via browser injections, monitoring online banking sessions of targeted banks, and stealing other information such as browser versions, snapshots, and personal certificates.”

The bitcoin pages targeted in the campaign include bitpay.com, bitbargain.co.uk, bitbargain.co.uk/login, localbitcoins.com and bitstamp.net/account/login, the firm found.

Security firm ThreatTrack also warned that bitcoin sites Bitpay, BitBargain and LocalBitcoins were targeted by Dyreza, but that other pages, like anxbtc.com, blockchain.info, coinjar.com, and expresscoin.com, were also impacted by the phishing campaign.

ThreatTrack said that it also detected “email ploys like purported messages from JPMorgan Chase and CNN,” delivered to users.

“While this is not the first instance that scammers and cybercriminals target bitcoins,” Gregorio warned, “this new attack highlights how traditional threats like exploits and banking malware remain to be a relevant means for cybercriminals to steal both user credentials and hit a relatively new platform – bitcoins.”
