Published on March 15th, 2014
MtGox Hacker tricks people to install Bitcoin Stealer
The application was actually malware, created to search for and steal Bitcoin wallet files from victims’ computers. The hackers took advantage of people’s keen interest in the latest news about MtGox, which abruptly stopped trading because of a security lapse.
The executable uploaded along with the archive tricks users into believing that the software gives them access to MtGox databases; it is in fact a Bitcoin miner.
So, the whole MtGox leak was invented to infect the victims’ computers with Bitcoin stealer malware.
“We detect the Windows Trojan (MD5:c4e99fdcd40bee6eb6ce85167969348d), a 4.3MB PE32 executable, as Trojan.Win32.CoinStealer.i and OSX variant as Trojan.OSX.Coinstealer.a. Both have been created with the Livecode programming language – an open-source and cross-platform application development language,” according to Kaspersky.
The malware works on both Mac OS X and Windows and executes the TibanneSocket.exe binary. It seeks out Bitcoin files (bitcoin.conf and wallet.dat) on an infected computer and then sends them to the malware’s command-and-control server, which was located in Bulgaria but is down for now.
Readers are advised to watch out for spam emails dressed up to look like MtGox emails that ask for MtGox and bank account details. Do not download software from untrusted sources, and keep your antivirus up to date. Stay Secure!
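A defender can sweep a download folder or a mounted disk image for the two indicators named above: the Windows sample's MD5 and the TibanneSocket.exe file name. The Python script below is an added example, not code from Kaspersky or the original article; the helper names `md5_of`, `sweep` and `demo` and the demo files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicators taken from the article above.
KNOWN_MD5 = {"c4e99fdcd40bee6eb6ce85167969348d": "Trojan.Win32.CoinStealer.i"}
KNOWN_NAMES = {"tibannesocket.exe"}


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so a multi-megabyte executable is not read at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root):
    """Return (relative path, kind, detail) for each file under root that matches."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        try:
            file_md5 = md5_of(path)
        except OSError:
            continue  # unreadable file: skip it rather than abort the sweep
        if file_md5 in KNOWN_MD5:
            findings.append((rel, "md5 match", KNOWN_MD5[file_md5]))
        elif path.name.lower() in KNOWN_NAMES:
            # Weak evidence on its own: the name matches but the hash does not.
            findings.append((rel, "name match only", file_md5))
    return findings


def demo():
    """Sweep a constructed directory; the sample files are harmless placeholders."""
    with tempfile.TemporaryDirectory() as root:
        leak = Path(root, "leak")
        leak.mkdir()
        (leak / "TibanneSocket.exe").write_bytes(b"constructed sample, not malware")
        Path(root, "notes.txt").write_bytes(b"unrelated file")
        return [(rel, kind) for rel, kind, _ in sweep(root)]


if __name__ == "__main__":
    print(demo())
```

A hash match identifies the exact sample Kaspersky describes; a name-only hit should be treated as a lead for further analysis, since a rebuilt binary would carry a different MD5.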