BitCoin Jackers Ask: “What’s in Your Wallet?”

By Adam McNeil


With all the recent media coverage and the extreme swings in the value of BitCoin, it should come as no surprise that malware authors are trying to capitalize on the trend. These people attempt to make money on all sorts of digital transactions, and it is probably a safe bet to expect their rapid expansion into the up-and-coming digital currency market.

The Webroot Threat Research Department has already seen many malware campaigns targeting BitCoin users. The recent explosion (and subsequent implosion) of the BitCoin value has accelerated the demand for custom-compiled BitCoin harvesters, and the malware authors are happy to oblige.

More details:

We have recently uncovered source code for a BitCoin Jacker that, once deployed, will search the computer for BitCoin wallet files and then transmit the data back to the attacker. The author of this software encourages its users to plunder BitCoin wallet files and then post them to “public” servers so that others can pilfer the contents, but also throws in a simple request to send the author money should the attacker get ‘rich’.


BitCoin users will know that the wallet file is typically encrypted to prevent unauthorized access to its contents, but this is just a small obstacle for an experienced attacker. Weak passwords (passwords containing words that are in the dictionary, or passwords that do not contain a mixture of upper case and lower case letters, numbers and symbols) are easily cracked using any number of brute-force hacking tools. Or, to avoid the tedious task of password cracking, others will simply bind this custom-compiled BitCoin Jacker to a crypted keylogger (such as the Private Keylogger that was recently blogged by resident blogger Dancho Danchev) and then deploy the entire payload to unsuspecting users in the hope of collecting not only the wallet file, but also the encryption key that goes with it.

So what can BitCoin investors do to protect their wealth?

By far the safest way to protect your wallet file is to combine a strong encryption password with offline storage of the .wallet file, and to ensure that your system is secure and free of viruses and other types of malware. The Wiki has a great write-up on various methods of securing the wallet file and of keeping the system secure. BitCoin users who may be unfamiliar with BitCoin security or the threats posed to their financial data would benefit from following the suggestions listed on the “Securing Your Wallet” Wiki page.

Just remember that malware authors are always on the hunt for the latest trend that can produce a profit. And with regard to the current BitCoin trend, you can be sure that the malware authors are currently asking the question (to borrow a slogan from a major Credit Card company): “What’s in Your Wallet?”

Webroot SecureAnywhere users are proactively protected from this threat.
