Over the last few months the value of Bitcoin increased dramatically. And, cyber criminals are out to make the most out of it. A new Trojan, based on Skype, is circulating around the web, that aims to turn PCs into Bitcoin miners.
Bitcoin, a digital currency, is a distributed system where the transaction history is shared among all user systems over the ineternet, similar to torrents. The currency is limited in supply and is generated by anonymous users. But, how new Bitcoin is generated? One of the processes is called mining. It is a way to acquire new Bitcoins by “making computer hardware do mathematical calculations for the Bitcoin network to confirm transactions and increase security.”
That means, to do the mining, one need to own or rent huge processing power. And, the mining is usually done through a method called “pooled mining,” where the mathematical calculations need to be done in during mining are distributed among systems.
This is where, the Skype Trojan comes in. Cyber criminals are infecting systems to gain control of their processing power to do Bitcoin mining. And unlike “pool mining,” where the rewards are shared among users, hackers will keep the rewards to themselves.
The Skype message used to distribute the Trojan reads, “This is my favorite picture of you…”Once a user click on the associated link of the message, a Trojan is installed in the system, and that takes control of the system. On average, the Trojan is being installed on 2,000 systems per hour. The Trojan runs a process named bitcoin-miner.exe which “onnects to a C2 server located in Germany with the IP address: 18.104.22.168:9000.”
The victims are largely from Italy, Russia, Poland, Costa Rica, Spain, Germany, and a few other countries.