The source code for version 2.0 of the information-stealing Trojan called Pony Loader, also known as Fareit, has been put up for sale by malware authors, Damballa announced on Tuesday.Ever since the source code for Pony 1.9 was leaked online, malware developers have been improving the Trojan's capabilities.In December 2013, researchers from Trustwave's SpiderLabs identified an instance that had been used by cybercriminals to steal credentials for around 2 million accounts.Pony 2.0 surfaced in early 2014 with a new feature that enables cybercriminals to steal virtual currency wallets.In February, SpiderLabs reported that a Pony botnet had been used to steal about $220,000 worth of Bitcoin, Litecoin and other crypto-currencies after compromising 85 wallets.The source code for Pony 2.0 was put up for sale in May and, according to Damballa, we should expect to see an increase in this type of Bitcoin-stealing malware with customized capabilities, especially since the builder which enables cybercriminals to create new instances with just a few mouse clicks is sold along with the source code.

The malware authors claim that the new version of the Trojan is designed to target several types of virtual currencies besides Bitcoin, including Litecoin, Electrum, Namecoin, Terracoin, PPCoin, Primecoin, Feathercoin, Freicoin, Devcoin, Frankocoin, , MegaCoin, Quarkcoin, Worldcoin, Infinitecoin, Anoncoin, Digitalcoin, Goldcoin, Yacoin, , Fastcoin, Tagcoin, Bytecoin, Phoenixcoin, and Luckycoin.Version 2.0 of the Trojan also comes with improved password-stealing capabilities and bug fixes.The threat is capable of harvesting passwords by decoding saved passwords for several popular applications, or by using a list of common passwords to brute-force user accounts."Given the capability to steal stored credentials from a wide variety of software, users should consider storing their passwords and bitcoin private keys using these programs risky," Isaac Palmer, a malware reverse engineer at Damballa, explained in a blog post.About the only thing that using Bitcoin-mining malware has in common with real mining is how dirty you should feel while doing it.

With Bitcoin mining, the work isn’t about digging a hole in the earth and pulling out the raw materials, as with normal mining.Rather it’s about about finding holes in someone’s security and digging in to set up a long-term mining operation.bitcoin aantalTo understand the impact of this type of malware, we first need to understand what the attackers are trying to do and why.bitcoin rap songWhat are Bitcoins and what is Bitcoin mining?bitcoin mehr verbindungenBitcoins are “a peer-to-peer payment system introduced as open source software.” The digital currency created and used in the system is alternatively referred to as a virtual currency, electronic money, or a cryptocurrency.dynamic coin bitcoin

Bitcoin mining is roughly defined as the processing of transactions in a digital currency system, in which the records of current Bitcoin transactions (blocks) are appended to the record of past transactions (block chain).500 satoshi bitcoinWith this new knowledge we can look at the process of a Bitcoin mining malware operation.ethereum gpu ramThe most common questions I get asked about Bitcoin mining malware are: “How does Bitcoin malware get into users’ systems?” “Why are they using my machine?” “How do I know they are there?” “What can I do to stop them from getting on my systems?” “What does a Bitcoin mining malware look like on my system?” Bitcoin mining is a computationally demanding process that gets more and more intense over time.que es el protocolo bitcoin

Bitcoin is mined in blocks, and since it takes significant computing power to mine each block, the malicious miners join up and form what are referred to as mining pools/networks.litecoin pool topThe idea behind this mining pool is that each participant who provides some computing power gets in return their share of the revenue proportional to the amount they participated.bitcoin sklepIn the example of Bitcoin mining malware, the attacker would be the sole beneficiary of the mining efforts instead of a team of willing participants.Bitcoin mining malware uses the same methods as most other malware to gain access to an endpoint.Techniques like malicious downloads, emails with malicious links or attachments, and already-installed malware are the most common and effective methods of delivery.A well-known example of one of these techniques, the watering hole attack method, was reported on in January 2014.

In this example, malicious ads were served to Yahoo!users as they visited a site.The malware downloaded from those malicious ads was designed to transform computers into a Bitcoin mining operation.The payload downloaded to each successfully exploited computer varied in its contents.Some payloads were just Bitcoin mining malware, while others contained credential-stealing Trojans like Zeus or more common generic remote access tools (RATs).The malicious ads reportedly lasted from December 31 through January 3, when Yahoo!“According to security firms, the malware that took advantage of a Java flaw in Yahoo ads infected some 27,000 machines per hour during the four days it was active on the site.” There are a few ways to know a processor-intensive malicious application has been installed on a system.The most obvious to the user is a significantly noticeable performance impact on the infected host.I have read about Bitcoin malware variants that are “user aware” and only run when there are no users logged in or when CPU usage is below a specified threshold.