Hackers are targeting the login data entered into bitcoin wallet sites using Dyreza, a credential-stealing malware, two security firms have noted.
Trend Micro and ThreatTrack Security observed the malware attack campaign which preys on those running vulnerable versions of Adobe Reader and Acrobat
Trend Micro threat response engineer Rika Joi Gregorio covered the campaign in a blog post last week, noting that the attackers were exploiting an old vulnerability in Adobe Reader and Acrobat covered in CVE-2013-2719. This furthers the spread of the malware, known for malicious behaviour, such as “man-in-the-middle (MitM) attacks via browser injections, monitoring online banking sessions of targeted banks, and stealing other information such as browser versions, snapshots, and personal certificates.”
Some of the targeted Bitcoin pages in the campaign, include bitpay.com, bitbargain.co.uk, bitbargain.co.uk/login, localbitcoins.com and bitstamp.net/account/login, the firm found.
Security firm ThreatTrack also warned that bitcoin sites Bitpay, BitBargain and LocalBitcoins were targeted by Dyreza, but that other pages, like anxbtc.com, blockchain.info, coinjar.com, and expresscoin.com, were also impacted by the phishing campaign.
ThreatTrack said that it also detected “email ploys like purported messages from JPMorgan Chase and CNN,” delivered to users.
“While this is not the first instance that scammers and cybercriminals target bitcoins,” Gregorio warned, “this new attack highlights how traditional threats like exploits and banking malware remain to be a relevant means for cybercriminals to steal both user credentials and hit a relatively new platform – bitcoins.”
Whitepapers
Related reading
Central banks best suited to issue digital currencies
By Aaran Fronda A recent report by the Official Monetary and Financial Institutions Forum (OMFIF) said that central banks rather than private ... read more
Instant payments: innovations inbound for corporates
In 2020, instant payments look set to continue their current trajectory to become the biggest trend in payments. While these schemes already offer numerous benefits to corporates, leveraging innovations such as APIs and request to pay will go some way to unlocking their full potential, argues Michael Knetsch
Obstacles exist for banks to meet ECB’s instant payments goal
The cost of joining instant payment platforms will be one of many hurdles banks and payment services providers must overcome to meet ... read more
Banks must be aware of “biases” in data used to train ML models
Financial institutions need to be conscious of biases in the historical data that is being used to train machine learning (ML) models, ... read more