After Bitcoin-stealing malware, security researchers have identified a trojan that piggybacks on infected systems to mine the virtual currency.
Bitcoin is a new peer-to-peer cash-like virtual currency that can be exchanged directly by users without the need of a central bank or payment processing service.
Because of their enhanced anonymity, bitcoins have quickly been adopted by privacy advocates, hackers, fraudsters and even drug dealers.
Because of its increasing popularity and high value — one bitcoin currently sells for around $17 — the virtual currency has also attracted the interest of cyber thieves.
In one case reported earlier this month, an early adopter was robbed
of 25,000 bitcoins worth $500,000, via a trojan. Security researchers from F-Secure and Symantec later reported
finding malware particularly designed to steal bitcoin wallets.
However, another way of getting bitcoins, except theft, is to mine them. Bitcoin mining is similar to encryption cracking and the success of the operation is dependent on that hardware used.
Bitcoin miners build special computer systems with multiple video cards to handle the task, but hackers don't need to do that because they already have huge computing power at their disposal in the form of botnets.
"Today our analysts detected a new threat spreading in the Russian sector of the Internet – Trojan.NSIS.Miner.a
," Kaspersky Lab's Alexander Gostev reveals
"This Trojan has two components – the legitimate bcm.exe file BitCoin Miner and a malicious module that installs bcm without the user’s knowledge and adds it to the autorun registry. The infected computer then starts to generate bit-coins for the Trojan’s author,
" he explains.
In this case, the trojan author was part of a so-called mining pool, a distributed system where miners work together to generate bitcoins and split them depending on the computing power their contributed.
Fortunately, this mining pool used had a policy against using botnets and quickly suspended the attacker's account. However, it's likely that similar malware will appear in the future to take advantage of less sophisticated pool systems.