Published on March 15th, 2014


MtGox Hacker Tricks People into Installing Bitcoin Stealer


This news will blow everyone's mind! If you hold bitcoins, you are probably aware of MtGox, once the world's biggest Bitcoin exchange. MtGox filed for bankruptcy last month after saying it lost some 850,000 Bitcoins to hackers, and it suddenly went dark with no explanation.

A few days ago, an unknown hacker breached the personal blog and Reddit account of MtGox CEO Mark Karpeles to level charges of fraud. But hackers are clever enough to exploit every opportunity they get.

After compromising the MtGox CEO's blog, the hacker posted a 716MB ZIP file that supposedly contained a data dump and specialized software tools for remote access to MtGox data. These software tools turned out to be Bitcoin wallet stealing malware, according to research carried out by Kaspersky Lab expert Sergey Lozhkin.

The application was actually malware, created to search for and steal Bitcoin wallet files from victims' computers. The hackers took advantage of people's keen interest in MtGox, which abruptly stopped trading because of a security lapse.

The executable uploaded along with the archive tricks users into believing that the software gives them access to MtGox databases, when it is in fact a Bitcoin Miner.

So, the whole MtGox leak was invented to infect the victims’ computers with Bitcoin stealer malware.

"We detect the Windows Trojan (MD5: c4e99fdcd40bee6eb6ce85167969348d), a 4.3MB PE32 executable, as Trojan.Win32.CoinStealer.i and OSX variant as Trojan.OSX.Coinstealer.a. Both have been created with the Livecode programming language – an open-source and cross-platform application development language," according to Kaspersky.

The malware works on both Mac OS X and Windows and executes the TibanneSocket.exe binary. It seeks out Bitcoin files (bitcoin.conf and wallet.dat) on an infected computer and sends them to the malware's command-and-control server, which was located in Bulgaria but is down for now.

Readers are advised to watch for spam emails dressed up to look like MtGox emails and asking for MtGox and bank account details. Do not download software from untrusted sources, and keep your antivirus up to date. Stay Secure!
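
A defender-side sweep for the indicators named above, as an added example that is not from the article or from Kaspersky: it walks a directory tree, flags files whose MD5 equals the published Windows hash or whose name is TibanneSocket.exe, and lists the wallet.dat and bitcoin.conf files the stealer would have targeted. The function and variable names are assumptions of this example.

```python
import hashlib
import os

# Indicators taken from the article; it gives no hash for the OS X variant.
MD5_IOCS = {"c4e99fdcd40bee6eb6ce85167969348d"}
NAME_IOCS = {"tibannesocket.exe"}
# Files the article says the stealer looks for.
WALLET_NAMES = {"wallet.dat", "bitcoin.conf"}


def md5_of(path, chunk=1 << 20):
    """Stream the file so large archives do not have to fit in memory."""
    h = hashlib.md5()  # MD5 only because that is the published indicator
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(root, md5_iocs=MD5_IOCS, name_iocs=NAME_IOCS):
    """Return (ioc_hits, wallet_files) found under root (hypothetical helper)."""
    hits, wallets = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()  # Windows and default OS X are case-insensitive
            if lowered in WALLET_NAMES:
                wallets.append(path)
            try:
                digest = md5_of(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if digest in md5_iocs:
                hits.append((path, "md5"))
            elif lowered in name_iocs:
                hits.append((path, "name"))  # weaker signal: names are trivial to change
    return sorted(hits), sorted(wallets)


if __name__ == "__main__":
    import sys
    start = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    found, exposed = triage(start)
    for path, why in found:
        print(f"IOC match ({why}): {path}")
    for path in exposed:
        print(f"wallet file within the stealer's reach: {path}")
```

If the sweep reports an indicator match on a machine that also holds wallet files, treat those wallets as compromised and move the funds to a wallet created on a clean system.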
