Skype Malware Helps Mine for Bitcoins

Friday, April 5, 2013 @ 05:04 PM gHale


Bitcoin’s digital currency has not escaped the notice of attackers, many of whom are turning their attention to finding ways to use the system for their own gains like introducing new pieces of malware.

There is now a piece of malware in circulation that is using Skype as a spreading mechanism and then using infected machines’ processing power to mine Bitcoins.

RELATED STORIES
Live Kelihos Botnet Takedown
Stronger, Smarter Botnet Appears
Nap Trojan Copies Times Attack
New Exploit Kit: Whitehole

The new malware is sending links to Skype users with a message encouraging them to click to see a photo of themselves online. The campaign began yesterday and is still ongoing, with thousands of victims clicking on the malicious link every hour, according to an analysis by Dmitry Bestuzhev of Kaspersky Lab.

“The initial dropper is downloaded from a server located in India. The detection rate on VirusTotal is low. Once the machine is infected it drops to the system many other pieces of malware. Downloads come from the Hotfile.com service. At the same time the malware connects to its C2 server located in Germany,” Bestuzhev said.

Once the malware is on the victim’s machine, it goes about the business of usurping the PC’s processing power to mine for Bitcoins. The Bitcoin network relies on a complex system to create each Bitcoin and verify the currency is valid and being spent by the owner of those Bitcoins. Part of that process requires quite a bit of processing power, and that’s what the attackers behind this malware campaign are after.

Here’s how the Bitcoin Project explains the mining process:

“Bitcoin mining is the process of making computer hardware do mathematical calculations for the Bitcoin network to confirm transactions and increase security. As a reward for their services, Bitcoin miners can collect transaction fees for the transactions they confirm along with newly created bitcoins. Mining is a specialized and competitive market where the rewards are divided up according to how much calculation is done,” the Project said.

The malware, identified as Trojan.Win32.Jorik.IRCbot.xkt, causes a massive spike in the CPU usage on an infected machine, Bestuzhev said.



Leave a Reply

You must be logged in to post a comment.