Now on Demand Ransomware Resilience & Recovery Summit - All Sessions Available
Connect with us

Hi, what are you looking for?



Pony Loader 2.0 Malware Source Code for Sale

The source code for version 2.0 of the information-stealing Trojan called Pony Loader, also known as Fareit, has been put up for sale by malware authors, Damballa announced on Tuesday.

The source code for version 2.0 of the information-stealing Trojan called Pony Loader, also known as Fareit, has been put up for sale by malware authors, Damballa announced on Tuesday.

Ever since the source code for Pony 1.9 was leaked online, malware developers have been improving the Trojan’s capabilities. In December 2013, researchers from Trustwave’s SpiderLabs identified an instance that had been used by cybercriminals to steal credentials for around 2 million accounts.

Pony 2.0 surfaced in early 2014 with a new feature that enables cybercriminals to steal virtual currency wallets. In February, SpiderLabs reported that a Pony botnet had been used to steal about $220,000 worth of Bitcoin, Litecoin and other crypto-currencies after compromising 85 wallets.

The source code for Pony 2.0 was put up for sale in May and, according to Damballa, we should expect to see an increase in this type of Bitcoin-stealing malware with customized capabilities, especially since the builder which enables cybercriminals to create new instances with just a few mouse clicks is sold along with the source code.

The malware authors claim that the new version of the Trojan is designed to target several types of virtual currencies besides Bitcoin, including Litecoin, Electrum, Namecoin, Terracoin, PPCoin, Primecoin, Feathercoin, Freicoin, Devcoin, Frankocoin, , MegaCoin, Quarkcoin, Worldcoin, Infinitecoin, Anoncoin, Digitalcoin, Goldcoin, Yacoin, , Fastcoin, Tagcoin, Bytecoin, Phoenixcoin, and Luckycoin.

Version 2.0 of the Trojan also comes with improved password-stealing capabilities and bug fixes. The threat is capable of harvesting passwords by decoding saved passwords for several popular applications, or by using a list of common passwords to brute-force user accounts.

 “Given the capability to steal stored credentials from a wide variety of software, users should consider storing their passwords and bitcoin private keys using these programs risky,” Isaac Palmer, a malware reverse engineer at Damballa, explained in a blog post.

Advertisement. Scroll to continue reading.


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Bill Dunnion has joined telecommunications giant Mitel as Chief Information Security Officer.

MSSP Dataprise has appointed Nima Khamooshi as Vice President of Cybersecurity.

Backup and recovery firm Keepit has hired Kim Larsen as CISO.

More People On The Move

Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.