
New bitcoin-mining malware discovered

Admire Moyo
By Admire Moyo, ITWeb's news editor.
Johannesburg, 15 May 2013

The Cyberoam Threat Research Lab (CTRL) has discovered a new sample of bitcoin-mining malware.

According to Cyberoam, the malware sample was found propagating through Facebook chat messages. It explains that the malware arrives as a link, and on clicking the URL, asks the user to download an .exe file.

Bitcoin is a digital currency created by Satoshi Nakamoto in 2009. Cyberoam says the term also refers to the open source software that manages the currency, which runs on a distributed network.

As per the initial virus scan on 'virscan.org', the malware was not detected by any major anti-virus solutions, says Cyberoam.

The security solutions vendor also notes that, apart from this, the malware ensures it propagates itself and, on system reboot, emerges as ransomware, forcing victims to part with their information and/or money.

It also notes that the malware was found to be using 'Ufasoft BitCoin-miner' to abuse the CPUs and GPUs of infected computers to generate bitcoins. The attacker has taken special care to ensure and maintain the low detection rates of the malware, taking it high on the APT scale, the vendor notes.

Describing its impact, Cyberoam says the malware uses victims' infected machines for bitcoin mining, which might lead to hardware failure if the attacker runs the miner at top speed and full load.

It also points out that the malware connects to an IRC server, joins a channel and waits for commands. It retrieves further data or infection parameters from this IRC channel and accepts commands from the IRC server to perform actions on the infected system.
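As an added illustration (not code from the article or from Cyberoam), the following Python snippet scores endpoint events for the two behaviours described above: a process that is not a known IRC client connecting to an IRC port, and a miner-like process spawned by that IRC-connected process. The log format, host names, process names, ports and the IRC-client allowlist are all constructed assumptions for the example.

```python
import re
from collections import defaultdict

IRC_PORTS = {6667, 6697}                        # default plaintext / TLS IRC ports
IRC_CLIENTS = {"hexchat.exe", "mirc.exe"}       # assumed allowlist of legitimate IRC clients
MINER_RE = re.compile(r"miner|ufasoft", re.I)   # process-name heuristic (Ufasoft miner per the article)
FIELD_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample telemetry (not from the article): one "key=value" event per line.
SAMPLE_LOG = """\
ts=2013-05-15T09:58:10 host=PC1 event=proc_start proc=chrome.exe pid=400
ts=2013-05-15T10:01:02 host=PC1 event=proc_start proc=photo.exe pid=512 parent=chrome.exe
ts=2013-05-15T10:01:05 host=PC1 event=net_conn proc=photo.exe pid=512 dst=203.0.113.9 dport=6667
ts=2013-05-15T10:01:09 host=PC1 event=proc_start proc=bitcoin-miner.exe pid=520 parent=photo.exe
ts=2013-05-15T10:01:20 host=PC1 event=net_conn proc=bitcoin-miner.exe pid=520 dst=203.0.113.20 dport=8332
ts=2013-05-15T10:05:00 host=PC2 event=net_conn proc=hexchat.exe pid=700 dst=192.0.2.7 dport=6667
"""

def parse(log_text):
    """Turn each non-empty line into a dict of its key=value fields."""
    return [dict(FIELD_RE.findall(line)) for line in log_text.splitlines() if line.strip()]

def find_suspicious_hosts(log_text):
    """Return {host: [reasons]} for hosts showing IRC C2 and/or miner indicators."""
    events = parse(log_text)
    reasons = defaultdict(list)
    irc_procs = defaultdict(set)  # host -> names of non-allowlisted processes that reached IRC ports
    # Pass 1: network connections to IRC ports from processes that are not known IRC clients.
    for ev in events:
        host, proc = ev.get("host"), ev.get("proc", "")
        if ev.get("event") == "net_conn" and int(ev.get("dport", 0)) in IRC_PORTS:
            if proc.lower() not in IRC_CLIENTS:
                irc_procs[host].add(proc)
                reasons[host].append(f"{proc} connected to IRC port {ev['dport']}")
    # Pass 2: miner-like process names, and children of the IRC-connected processes.
    for ev in events:
        host, proc = ev.get("host"), ev.get("proc", "")
        if ev.get("event") == "proc_start":
            if MINER_RE.search(proc):
                reasons[host].append(f"miner-like process started: {proc}")
            if ev.get("parent") in irc_procs[host]:
                reasons[host].append(f"{proc} spawned by IRC-connected process {ev['parent']}")
    return dict(reasons)

if __name__ == "__main__":
    for host, why in find_suspicious_hosts(SAMPLE_LOG).items():
        print(host, "->", "; ".join(why))
```

On the constructed sample, PC1 is reported for all three indicators, while PC2's allowlisted IRC client produces no finding.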

According to Cyberoam, the virus is also capable of intercepting Internet browser communications, which is done by hooking various APIs within Firefox and Internet Explorer; it thereby has the capability to steal sensitive user information, like usernames and passwords.

"Recent reports on the malware saying the threat is aimed at building a botnet to mine bitcoins using the CPU resources of victimised computers are only half the story," says Bhadresh Patel, lead vulnerability researcher at CTRL.

"Our threat research team ran a detailed investigation and also allowed the malware to become fully active, letting it achieve a reasonable degree of infection on test systems. With this approach, CTRL threat analysts have succeeded in conducting deep analysis of the malware and its latent threat potential while uncovering several other risks that have not been reported yet," he concludes.
