
MtGox Hacker tricks people to install Bitcoin Stealer

If you hold bitcoins, you are probably aware of MtGox. Once the world's biggest Bitcoin exchange, MtGox filed for bankruptcy last month after saying it lost some 850,000 Bitcoins to hackers, and it suddenly went dark with no explanation.

A few days ago, an unknown hacker breached the personal blog and Reddit account of MtGox CEO Mark Karpeles to level charges of fraud. But hackers are quick to exploit every opportunity they get.

After compromising the MtGox CEO's blog, the hacker posted a 716MB ZIP file, MtGox2014Leak.zip, which contains the data dump and specialized software tools for remote access to MtGox data. These software tools turned out to be Bitcoin wallet stealing malware, according to research carried out by Kaspersky Lab expert Sergey Lozhkin.

The application was actually malware created to search for and steal Bitcoin wallet files from the victim's computer. The hackers took advantage of people's keen interest in the latest news about MtGox, which abruptly stopped trading because of a security lapse.

The executable uploaded along with the archive tricks users into believing that the software gives them access to MtGox databases, when it is in fact a Bitcoin Miner.
So, the whole MtGox leak was invented to infect the victims' computers with Bitcoin stealer malware.

"We detect the Windows Trojan (MD5:c4e99fdcd40bee6eb6ce85167969348d), a 4.3MB PE32 executable, as Trojan.Win32.CoinStealer.i and OSX variant as Trojan.OSX.Coinstealer.a. Both have been created with the Livecode programming language – an open-source and cross-platform application development language," according to Kaspersky.

The malware works on both Mac OS X and Windows and executes the TibanneSocket.exe binary. It seeks out Bitcoin files (bitcoin.conf and wallet.dat) on an infected computer and sends them to the malware's command-and-control server, which was located in Bulgaria but is down for now.
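
The indicators reported above (the MD5 of the Windows sample and the file names TibanneSocket.exe and MtGox2014Leak.zip) can be swept for on a machine where the archive may have been opened. The Python script below is an added example, not code from this article or from Kaspersky; the function names, and the choice to also list the wallet.dat and bitcoin.conf files the stealer targets, are assumptions of this example.

```python
import hashlib
import os
import sys

# Indicators taken from the article (Kaspersky's report).
KNOWN_MD5 = {"c4e99fdcd40bee6eb6ce85167969348d"}
KNOWN_NAMES = {"tibannesocket.exe", "mtgox2014leak.zip"}
# Files the stealer looks for, per the article.
WALLET_NAMES = {"wallet.dat", "bitcoin.conf"}


def md5_of(path, chunk=1 << 20):
    """Stream the file so a 716MB archive never has to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, md5s=KNOWN_MD5, names=KNOWN_NAMES, wallets=WALLET_NAMES):
    """Walk root and return (findings, wallets_at_risk).

    findings: list of (path, reason) where reason is "md5" or "name".
    wallets_at_risk: wallet/config files present that the stealer targets.
    """
    findings, at_risk = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower in wallets:
                at_risk.append(path)
            try:
                digest = md5_of(path)
            except OSError:
                continue  # unreadable or vanished file: skip, keep sweeping
            if digest in md5s:
                findings.append((path, "md5"))   # content match, survives renaming
            elif lower in names:
                findings.append((path, "name"))  # weaker signal: file name only
    return findings, at_risk


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    hits, wallet_files = sweep(target)
    for path, reason in hits:
        print(f"INDICATOR ({reason}): {path}")
    for path in wallet_files:
        print(f"wallet file present: {path}")
```

A hash match identifies only the exact Windows sample named in the report; the article gives no hash for the OS X variant, so a clean result does not rule it out.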

Readers are advised to keep an eye out for spam emails dressed up to look like MtGox emails and asking for MtGox and bank account details. Do not download software from non-trusted sources, and keep your antivirus up to date. Stay Secure!
