Trojan targets Bitcoin wallets
The first malware designed to steal Bitcoins, Infostealer.Coinbit, has been identified by Symantec. Bitcoin, the anonymous decentralised open source virtual currency, has been gaining visibility in recent months and, apart from the appearance in April of a Bitcoin mining botnet called Stealthcoin, it has apparently not been the target of malware writers.
The malware, which runs on Windows, locates the Bitcoin wallet.dat file and emails it, presumably to the attacker, via an SMTP server in Poland. Symantec rates the risk level of the malware as very low and not widely spread.
The wallet.dat file contains public and private keys which are used for transactions in the Bitcoin network. The wallet.dat file can be optionally encrypted, but where it is stored in plain text, it is vulnerable to theft by malware like Infostealer.Coinbit. Bitcoin users should follow the advice on how to secure a wallet.dat file regardless of which platform they are on. Symantec recommend using a strong password to encrypt the wallet – it is quite likely that criminals would find it worth the effort to brute force weakly protected wallets. It is not known if Infostealer.Coinbit was involved in the theft of $500,000 worth of Bitcoins reported yesterday.