In another example of the security mantra of "be careful what you click," at least one Bitcoin trader has been robbed in a forum "phishing" attack designed specifically to ride the hype around the digital currency. The attack attempts to use Java exploits or fake Adobe updates to install malware, and it's one of the first targeted attacks aimed at the burgeoning business of Bitcoin exchanges.
The bait for the attack was a post to a Bitcoin traders' forum announcing that MT.Gox was going to start handling exchanges of Litecoins, a Bitcoin alternative. The post advertised a live chat on the topic at a link provided to mtgox-chat.info. That site, which used stolen code and style to masquerade as the legitimate MT.Gox site, then prompted victims to update their Java plugin and offered a forged Adobe updater.
The scam was first reported on reddit earlier this week, when a redditor reported spotting the fake site and its attempt to drop malware. While the attack was originally described by one of its victims as a "Java zero-day" exploit, it actually uses either a Java exploit or a fake Adobe updater to deliver its malware payload. That payload is DarkComet, a fairly common "remote administration tool" and keylogger. The attackers not only stole credentials for the victim's MT.Gox account, but they took other passwords as well.