Bitcoin Headlines Attract Malware Developers

Bitcoin issues have been front-page news in recent months, especially after its surprising April exchange rate. In the latest McAfee Threats Report, for the second quarter of 2013, we discuss this topic. The following timeline highlights recent events about this virtual currency.

FP_BLOG_130810_1b

In our report we noted the growing interest in malware Bitcoin miners: malware that hijacks computer resources to mine (create) Bitcoins without the victims’ knowledge. In the same vein, security maven Brian Krebs posted a blog about an affiliate program that pays its members to distribute a Bitcoin mining bot which forces host PCs to process Bitcoin transactions. Here is a look at how the numbers of such malware are growing in our sample database.

FP_BLOG_130810_2

The peak in the third quarter of 2011 followed the first rise, begun in May that year, in the value of Bitcoins. That increase was suddenly stopped by the hack happened the following month. This year, we’ve again seen a peak in malicious Bitcoin miners following a rate rise and accompanying media coverage.

In the Threats Report, we also mention Litecoin, a Bitcoin rival created in October 2011. Litecoin is currently the main Bitcoin competitor, but it is one of many decentralized virtual currencies that have appeared and disappeared. I have counted over one hundred. The best known:

  • Bitcoin BTC (algorithm: SHA-256)
  • Litecoin LTC (algorithm: scrypt)
  • Namecoin NMC (algorithm: SHA-256)
  • PPCoin PPC
  • Devcoin DVC
  • Feathercoin FTC
  • IxCoin IXC
  • Novacoin NVC
  • Terracoin TRC
  • BBQCoin BBQ
  • Bitbar BTB
  • Bytecoin BTE
  • CHNcoin (Chinacoin) CNC
  • Mincoin MNC

With Litecoin as the leading Bitcoin challenger, it has also been targeted by malware, as described by ESET (MSIL/PSW.LiteCoin.A). McAfee VirusScan detects this malware as Generic BackDoor.u (MD5: 4c0835c83cd22c3a31790ffb25477033).

And as I was writing this post, I found more news:

  • On August 5, we learned that US authorities were seeking the extradition of an alleged facilitator of child porn. The man was arrested in Ireland and owns and operates Freedom Hosting, the biggest service provider on the anonymous Tor network. According to the DailyDot website, the suspect two years ago created “Onion Bank,” a bank operated by Freedom Hosting and offering anonymity for escrow, mixing, and merchant payment systems. The “bank” works “like PayPal for Bitcoins,” according to some ads on a hidden wiki.

FP_BLOG_130810_3

The Bitcoin saga is far from being over; we will continue to follow its future developments.