March 26, 2014
Bitcoin Malware: Beware the Digital Pickpockets
Bitcoin is a global phenomenon that's driving a 21st century gold rush. As it stands, Bitcoin is an easy target. It is little regulated and is a desirable target at $600-$700 a coin. Since 2011 there have been more than 30 heists resulting in high-value thefts of thousands of coins -- amounts that could surpass $1 billion at today’s prices.
Bitcoin exchanges: like stock exchanges with a lot more vulnerabilities
How did criminals steal the digital money? By putting the often extremely vulnerable Bitcoin exchanges in their crosshairs. Most Bitcoin exchanges were built hastily during the early days of the Bitcoin goldrush using vulnerable web languages such as PHP. This combined with the fact that in many cases security was an afterthought due to the rush left the many exchanges as vulnerable as a poorly built PHP website. Take the Mt. Gox scandal, for example. Criminals stole around 850,000 Bitcoins. Whether you think it was an elaborate insider scam or the result of hackers exploiting a complex bug in the bitcoin protocol known as the transaction malleability flaw - the fact remains that at $477 Million this has the potential of going down as the largest cyberheist in history.
Bitcoin wallets can be stolen, too
However, Bitcoin criminals also target users directly by focusing on the Bitcoin wallet, arguably Bitcoin’s greatest strength and greatest weakness. The Bitcoin wallet is a piece of software that contains two very important pieces of information, often stored in a “wallet.dat” file. The wallet address is a 24 to 37 alphanumeric character string which uniquely identifies a wallet from all the others out there. And the private key is a is a secret number that allows bitcoins to be spent. Every Bitcoin address has a matching private key, which is saved in the wallet file of the person who owns the balance. By stealing these two pieces of information it is possible to seize all the associated coins in that wallet. In fact if a user was to just lose these numbers they would forever lose access to any Bitcoins in that wallet. The fact that such simple pieces of data can unlock such huge wealth has lead to the evolution of many different types of wallet stealers. These wallet stealers come in all sorts of shapes and sizes. The simplest wallet stealers tend to be phishing emails which either invite you to upload your wallet or include some sort of executable payload which uploads your wallet as it runs. More sophisticated wallet stealers come in the form of trojans hidden in innocuous applications -- PC predominantly, though we know malicious mobile apps can be built around this -- or buried in potentially interesting content such as the files leaked as part of the recent MTGox hack. The most sophisticated pieces are capable of hiding in a target system, waiting for its owner to access any secured wallets before acting. In all, SecureWorks has identified close to 150 different types of wallet stealing malware.
Mining for coins using your computers
However, the problems don’t stop there. The process of “mining” is a legitimate way to earn Bitcoins by solving complex mathematical problems to unlock Bitcoins. As it stands most if not all of the Bitcoins generated through the mining process are created using legitimate resources. However, stealing computing resources to complete these mathematical problems is something that criminals have perfected. They use infected machines, known as zombies or bots, to run mining activities. Bots, traditionally have been used to do everything from sending millions of spam emails to launching immense denial of service attacks, which cripple entire nations. So it should be no surprise to us that they are being repurposed for Bitcoin acquisition. Indeed, recently we have even found malware that attempts to use smartphones as a resource for illicit mining of digital coins.
Where there’s money, there are people willing to get it at all costs
The rise of digital currencies has been meteoric. Literally overnight, ordinary folks have found themselves with digital currency worth millions of dollars. This sudden explosion of wealth has created an extremely attractive opportunity for criminals:
- Due to the haste few security measures have been implemented - either in exchanges or wallet software.
- Despite the transparency of Bitcoin itself, many early exchanges are operated in secrecy often with little or no audit trail.
- The rewards for successful attacks have been huge - see MTGox above.
Until adequate security is implemented end-to-end - from exchange to wallet - we should expect criminals to continue looking to develop fresh ways to help themselves to these pots of gold. Despite all of this there are some simple steps which the ordinary user can take to stay safe. First and foremost, treat your digital wallet like a credit card. Don’t leave it lying around where someone might be able to access it. Indeed, recently we have even found malware that attempts to use smartphones as a resource for illicit mining of digital coins. Best practices when protecting your wallet:
- Make sure you are using a wallet application that encrypts your wallet
- Keep your wallet offline. For example, put it on removable media such as an SD card that you keep in a safe
- Keep a backup of your wallet in a secure location by printing out your wallet address and its private key
- If you are dealing with large volumes of Bitcoins, don’t put all your eggs in one basket. Consider splitting your balance across multiple wallets
How to protect yourself from malware:
- Don’t click on links in emails from people you don’t know
- Ensure that the Android system setting ‘Unknown sources’ is unchecked to prevent dropped or drive-by-download app installs
- Download a mobile security app like Lookout’s app that protects against malware as a first line of defense