Mt. Gox Data Archive Contains Malware That Steals Bitcoin Wallet Files

00:25 Wednesday Mar 19, 2014

            

Malware was discovered inside the hacked archive file downloaded from Mt. Gox.

Bitcoin-stealing malware for Windows and Mac was discovered in an archive containing transaction records from Mt. Gox that was released on the Internet last week by the hackers who compromised the blog of Mt. Gox CEO Mark Karpeles. The program seeks out and steals victims’ Bitcoin wallets, the same way other malware goes for their banking passwords or credit card numbers.

Security researchers from security firm Kaspersky Lab analyzed the 620MB file called MtGox2014Leak.zip and concluded that in addition to various Mt. Gox-related documents and data, it contains malicious binary files.

The files masquerade as Windows and Mac versions of a custom, back-office application for accessing the transaction database of Mt. Gox, a large bitcoin exchange in Japan that filed for bankruptcy in late February after claiming it had lost about 850,000 bitcoins to cyber thieves.

These are actually malware programs designed to search and steal Bitcoin wallet files from computers, Kaspersky security researcher Sergey Lozhkin said in a blog post.

Both the Windows and Mac binaries are written in LiveCode, a programming language for developing cross-platform applications.

When executed, they display a graphical interface for what appears to be a Mt. Gox database access tool. However, in the background they launch a process (TibanneSocket.exe on Windows) that searches for bitcoin.conf and wallet.dat files on the user’s computer, according to Lozhkin. “The latter is a critical data file for a Bitcoin crypto-currency user: if it is kept unencrypted and is stolen, cybercriminals will gain access to all bitcoins the user has in his possession for that specific account.”

"It seems that the whole leak was invented to infect computers with Bitcoin-stealer malware that takes advantage of people's keen interest in the Mt. Gox topic," Lozhkin said.

This is a great example of an attack on a focused target audience, Lozhkin said.

Users who downloaded the archive and executed any of the binary files inside should probably scan their computers with an anti-malware program and should take immediate steps to secure their bitcoins.
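As an added example (not part of the original article or of Kaspersky's analysis), the following sketch triages a downloaded zip archive before anything in it is opened, flagging entries whose leading bytes mark them as Windows PE or Mac Mach-O executables regardless of file name. The sample archive, its entry names and the function names are constructed for illustration.

```python
import io
import struct
import zipfile

# Leading magic bytes of Mac executables (0xCAFEBABE is also the Java class magic).
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # Mach-O 32-bit
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # Mach-O 64-bit
    b"\xca\xfe\xba\xbe",                       # universal (fat) binary
}

def classify(head: bytes):
    """Return 'PE', 'MZ (unconfirmed)', 'Mach-O' or None from a file's first bytes."""
    if head[:2] == b"MZ":
        # A real PE stores at 0x3C the offset of its 'PE\0\0' signature.
        if len(head) >= 0x40:
            off = struct.unpack_from("<I", head, 0x3C)[0]
            if head[off:off + 4] == b"PE\0\0":
                return "PE"
        return "MZ (unconfirmed)"
    if head[:4] in MACHO_MAGICS:
        return "Mach-O"
    return None

def find_executables(archive) -> list:
    """List (entry name, kind) for each executable found inside a zip archive."""
    hits = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:      # content is read, never executed
                kind = classify(fh.read(4096))
            if kind:
                hits.append((info.filename, kind))
    return hits

def build_sample() -> io.BytesIO:
    """Constructed sample: two data files plus two stub executable headers."""
    pe = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0"
    macho = b"\xcf\xfa\xed\xfe" + bytes(28)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("trades/2014-01.csv", "id,amount\n1,0.5\n")
        zf.writestr("notes.txt", "notes: MZ appears mid-file only\n")
        zf.writestr("tool/viewer.exe", pe)
        zf.writestr("tool/viewer.app/Contents/MacOS/viewer", macho)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, kind in find_executables(build_sample()):
        print(f"{kind:8} {name}")
```

Checking content rather than extensions matters here because the Mac binary inside an application bundle has no extension at all.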

 

    © copyright 2013 Website News. All rights reserved.

     
