Researchers from Trustwave SpiderLabs have identified malware that obtained enough private data to empty a large number of online electronic wallets, providing its developers with around 220 000 dollars in digital coins at the current exchange rate. Several months of activity have proven the consistency of the Trojan botnet, which received the name “Pony”, linking its nature to the notorious Trojan Horse used by the Greeks to invade the city of Troy after a 10-year siege.
Trustwave provides IT security services, and all information published by the company is 100% reliable and trustworthy. The news came on Monday, the 24th of February, the day on which the team of researchers determined the methodology and consequences of the attack and registered a pause in the suspicious activity. According to Daniel Chechik and Anat Davidi, the malware infected around 700 000 items, whether computers or persons. 600 000 login and 100 000 email records are believed to have been stolen and used to crack wallets of 30 different cryptocurrencies, including leading assets like Bitcoin, Litecoin, Feathercoin and others. The stolen coins identified so far amount to 355 Bitcoins, 280 Litecoins, 33 Primecoins and 46 Feathercoins. The duration of the criminal activity is also impressive; both researchers claim:
“According to our data, the cyber gang that was operating this Pony botnet was active between September 2013 and mid-January 2014.”
According to Ziv Mador, director of security research at Trustwave, the emptied wallets belong to private users and merchants, but their owners cannot be identified because of the main principles of virtual currencies:
“The new thing about this complaint is that it was widely spread. The Pony malware affected hundreds of thousands of machines and scanned for digital wallets from 30 virtual currencies on those computers.”
The experts warn the public and ask everyone to check their wallets for missing coins or intrusions. Deeper investigations show that most victims are from Germany, Italy and Poland. Trustwave also invites users to visit its recently developed wallet checkers. By entering the public key (not the private key!) of the wallet, any individual can determine whether the attack affected his or her funds. The anonymity of the cryptocoin environment gives the thieves a safe way to retreat: the coins will soon be converted into fiat money via different exchange services. The statement from Trustwave continues:
“Bitcoins are stored in virtual wallets, which are essentially pairs of private and public keys… Stealing Bitcoins and exchanging them for another currency, even a regulated one such as US dollars, is much easier than stealing money from a bank.”
McAfee also noticed the presence of “Pony” in December and believes that 2 million login credentials from various of the most popular social networks have been stolen. Still, Mr. Mador reassures worried users and sees a way out of the situation in the strength of the Trojan that might be used as a weapon:
“If they use that option and encrypt their wallets with a strong key, then they should be fine. Even if the malware were to infect the digital wallet, the botnet would not be able to generate transactions from that wallet.”