Security Experts:

Connect with us

Hi, what are you looking for?



Pony Loader 2.0 Malware Source Code for Sale

The source code for version 2.0 of the information-stealing Trojan called Pony Loader, also known as Fareit, has been put up for sale by malware authors, Damballa announced on Tuesday.

The source code for version 2.0 of the information-stealing Trojan called Pony Loader, also known as Fareit, has been put up for sale by malware authors, Damballa announced on Tuesday.

Ever since the source code for Pony 1.9 was leaked online, malware developers have been improving the Trojan’s capabilities. In December 2013, researchers from Trustwave’s SpiderLabs identified an instance that had been used by cybercriminals to steal credentials for around 2 million accounts.

Pony 2.0 surfaced in early 2014 with a new feature that enables cybercriminals to steal virtual currency wallets. In February, SpiderLabs reported that a Pony botnet had been used to steal about $220,000 worth of Bitcoin, Litecoin and other crypto-currencies after compromising 85 wallets.

The source code for Pony 2.0 was put up for sale in May and, according to Damballa, we should expect to see an increase in this type of Bitcoin-stealing malware with customized capabilities, especially since the builder which enables cybercriminals to create new instances with just a few mouse clicks is sold along with the source code.

The malware authors claim that the new version of the Trojan is designed to target several types of virtual currencies besides Bitcoin, including Litecoin, Electrum, Namecoin, Terracoin, PPCoin, Primecoin, Feathercoin, Freicoin, Devcoin, Frankocoin, , MegaCoin, Quarkcoin, Worldcoin, Infinitecoin, Anoncoin, Digitalcoin, Goldcoin, Yacoin, , Fastcoin, Tagcoin, Bytecoin, Phoenixcoin, and Luckycoin.

Version 2.0 of the Trojan also comes with improved password-stealing capabilities and bug fixes. The threat is capable of harvesting passwords by decoding saved passwords for several popular applications, or by using a list of common passwords to brute-force user accounts.

 “Given the capability to steal stored credentials from a wide variety of software, users should consider storing their passwords and bitcoin private keys using these programs risky,” Isaac Palmer, a malware reverse engineer at Damballa, explained in a blog post.


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.