The Gameover ZeuS Trojan has been updated with functionality targeting bitcoin wallets.
Researchers with F-Secure spotted a variant of the malware that includes code to read and write to Bitcoin wallets. It also hooks into the process by which the wallet is encrypted, stealing the password and thwarting encryption.
This is just another twist for Gameover, which has emerged as one of the most treacherous pieces of financial malware on the Internet. Gameover first appeared on the Internet in 2011. Recently, researchers at Dell SecureWorks dubbed the malware the most prevalent banking Trojan of 2013, noting that it accounted for 38 percent of the company’s detections of financial malware.
According to research from Sophos, a recently detected variant of the malware used a kernel-level rootkit known as Necurs to protect malware files on disk and in memory and make it difficult to remove the Trojan. That particular variant was seen spreading via a spam campaign that used messages with fake invoices.
“Gameover is “privately” held by one gang – it’s a different fork from the ZeuS code which was open sourced years ago,” explained Sean Sullivan, security advisor at F-Secure.
“The sample we’ve analyzed is relatively new,” he said. “But the botnet nodes themselves may have already begun to update.”
“[ZeuS] isn’t always first to adopt a new tactic, but it is generally ‘best of breed’,” he added.
Certainly, bitcoin users and exchanges have been getting more attention from hackers lately. Earlier this month, bitcoin exchanges Poloniex and Flexcoin announced they had been hit by hackers. As a result of the attack, Flexcoin was forced to shut down. More malware targeting bitcoins has also been popping up, such as OSX/CoinThief.A, a Trojan targeting Mac users.
“I’m somewhat surprised at how long it’s taken to incorporate wallet.dat stealers into big players – but then I suppose that means that Bitcoin may now be a ‘real’ industry,” Sullivan said. “Not sure if that is a good thing for Bitcoin users in the long run.”
John Miller, security research manager at Trustwave, said that recent security events involving crypto-currencies serve as a reminder to users that criminals will hunt down financial assets regardless of their form.
“Individual users are at risk when they store their wallets insecurely or entrust their coins to third-party services,” he said. “Malware such as Pony can steal unencrypted wallets from unsuspecting users. Services can be scams intent on defrauding users or could suffer theft that results in financial loss to users. Safe browsing habits, anti-malware solutions, and gateway protection technologies can all help with the former, only proper consumer research can help with the latter.”
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Amazon Settles Ring Customer Spying Complaint
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
