Bitcoin market price app, 'Bitcoin Alarm,' is carefully cloaked malware
The application contains a remote access Trojan, Arbor Networks said
IDG News Service - If you get a spam message advertising an application called "Bitcoin Alarm," the name may tell you all you need to know.
The desktop Windows application sends price alerts by SMS to a mobile phone. But closer examination of its code turned up several suspicious traits that indicate it may try to steal the virtual currency, wrote Kenny MacDermid, a research analyst with security company Arbor Networks.
Bitcoin's skyrocketing value this year has drawn wide interest from investors as well as from cybercriminals. Bitcoins are secured by public key cryptography, and if the private key for a bitcoin is obtained, the virtual currency can be stolen in a flash.
MacDermid received three spam messages in one day promoting Bitcoin Alarm.
"I ignored it the first two times, but they must have really wanted me to look at it, so who am I not to oblige?" he wrote.
Tucked inside Bitcoin Alarm is a script that checks whether security software from Avast is running. If so, it stays quiet for 20 seconds. "It's a pretty solid chance that if software is checking for an antivirus engine, that it's up to no good," MacDermid wrote.
An encrypted file inside Bitcoin Alarm turned out to be a remote-access Trojan called NetWiredRC, which can be used to steal login credentials and, in this case, bitcoins, he wrote.
MacDermid submitted Bitcoin Alarm to VirusTotal, an online service that runs suspicious software programs through more than four dozen antivirus suites. On the first pass, only Kaspersky Lab's product detected Bitcoin Alarm, although more antivirus suites are picking it up now, MacDermid wrote.
"This free utility is nothing more than malware with very low detection rate being spammed to anyone that might have a bitcoin sitting around," he wrote.
A website for Bitcoin Alarm was created on Nov. 19, according to data from Domain Tools. A YouTube video showing how to install the application was uploaded there two weeks ago. The demonstration video uses a Windows computer set for German.
Efforts to reach Bitcoin Alarm via an email address on its website were not immediately successful.
Send news tips and comments to email@example.com. Follow me on Twitter: @jeremy_kirk
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Malware and Vulnerabilities White Papers | Webcasts