Attackers of Mt. Gox Chief Executive Circulate Bitcoin-Stealing Malware
According to the security company Kaspersky, a compressed file of transaction documents compiled at Mt. Gox, which hackers recently exposed online after hijacking the blog belonging to Mt. Gox CEO Mark Karpeles, also carries malware for stealing bitcoins from Mac or Windows PCs.
Kaspersky investigators examined the archive, 620MB in size and named MtGox2014Leak.zip, and ultimately stated that, along with various data and files from Mt. Gox, it contained malware.
The archive pretends to hold Mac and Windows editions of a custom back-office program required to gain access to the transaction records stored at Mt. Gox, a major supplier of bitcoins that declared itself bankrupt in Japan in late February 2014, allegedly because cyber-thugs had stolen approximately 850,000 bitcoins from it.
Kaspersky detected the Windows malware as Trojan.Win32.CoinStealer.i and the Mac malware as Trojan.OSX.Coinstealer.a.
To write the Mac and Windows malware, the hackers understandably chose the programming language LiveCode, which helps in writing software for several platforms at once.
On running the custom back-office software, victims see a program for gaining access to the database of Tibanne Co. Ltd., the company that operates Mt. Gox. Meanwhile, the bitcoins in the transactions get stolen.
According to Sergey Lozhkin, security researcher at Kaspersky, the malware written in LiveCode has its key code packed and encrypted, while the malware obtainable whenever run. Softpedia.com reported this on March 17, 2014.
Having designed the malware, the hackers use it to run the TibanneSocket.exe executable and to hunt down the wallet.dat and bitcoin.conf files. If the wallet.dat file, which is critical for a Bitcoin owner, is not encrypted and is stolen, cyber-crooks can easily gain access to each and every bitcoin in that owner's wallet, continues Lozhkin. Techcrunch.com published this on March 14, 2014.
Evidently, all of the data gets transmitted to a CnC server based in Bulgaria, which is presently deactivated.
Meanwhile, Mt. Gox's customers have been targeted by cyber-criminals before, when they received phishing emails masquerading as the Bitcoin exchange and soliciting their username and password, address, full name and bank account.
» SPAMfighter News - 3/26/2014