14 DAY TRIAL // Security researchers have identified two trojans that are specifically designed to search for and steal Bitcoin wallets from infected computers.
One of the trojans was being distributed on the actual Bitcoin forums through rogue, but well-crafted private messages.
Users have reported two separate spam runs, one promoting a more efficient bitcoin mining tool and one claiming they broke the forum rules.
According to security researchers from F-Secure who analyzed the piece of malware, the trojan searches for wallet.dat files and sends them to a hotmail address via a Polish SMTP server.
It seems the password for the SMTP account was changed so the Trojan-PSW:W32/CoinBit.A variant discovered by F-Secure is no longer effective at the moment.
Using information found inside the trojan, such as the hotmail address and the .pl SMTP account, members of the bitcoin forum have tried tracking down the trojan's creator and found that he sold hacking tools before.
Meanwhile, security researchers from Symantec report finding a second trojan that serves the same purpose - to steal bitcoin wallets. However, instead of sending the files via email, the malware uploads them to a FTP. Symantec detects the threat Infostealer.Coinbit.
"We expect that code similar to the techniques described above will find a way into other malware considering the amount of attention this sort of attack is currently receiving and with the amount of Bitcoins currently available for purchase," Symantec's Stephen Doherty notes.
Just a few days ago, an early bitcoin adopter reported the theft of 25,000 bitcoins from his wallet. Considering that the virtual currency was valued at $20 at that time, the loss is estimated at $500,000.
Bitcoin owners are strongly advised to keep their bitcoins either split over multiple wallets or in a primary one that isn't stored on the work computer.