The past few weeks have been rather exciting for Bitcoin owners and speculators, with prices peaking at over $1200 per BTC. Some commentators – including former Fed Chairman Alan Greenspan – have called Bitcoin prices a “bubble”, with a former Dutch central banker comparing it to the tulip mania of the 17th century. Other cryptocurrencies, like Litecoin, have seen similar gains as well.
We’ve covered Bitcoin extensively in the blog in the past, including earlier this year when the total value of all Bitcoins was approximately $1 billion. It now stands at more than twelve times that value. Basic information about Bitcoin-related malware may be found in the Threat Encyclopedia entry discussing Bitcoin.
How much Bitcoin mining malware is there?
Bubble or not, there is plenty of value in Bitcoin. This is giving rise to more Bitcoin-related threats. Victims are now being used to “mine” Bitcoins; in addition the Bitcoin wallets of existing users are now tempting targets for theft as well.
From September to November, feedback from the Smart Protection Network indicated that more than 12,000 PCs globally had been affected by Bitcoin-mining malware. More than half of all infections came from one of three countries: Japan, the United States, and Australia.
Bitcoin mining – the process by which new Bitcoins are created – is computationally intensive. The recent boom in Bitcoin prices may have made using malware viable again for cybercriminals. Both CPU and even GPU-based miners have been eclipsed in recent months by application-specific integrated circuit (ASIC)-based dedicated miners, which boast of hash rates that are orders of magnitude faster than what can be achieved using even high-end PC hardware.
However, because any mined bitcoin nowadays has such high value, even “slow” miners are now worth it for cybercriminals. For users, the problem is that Bitcoin mining is always resource-intensive and can slow down the system due to the increased CPU load. We detect a variety of Bitcoin malware as BKDR_BTMINE, TROJ_COINMINE and HKTL_BITCOINMINE.
Is Your Money At Risk?
This “bubble” has also made stealing Bitcoins much more lucrative. For example, the Deep Web site Sheep Marketplace shut down earlier this month – with users losing as much as $100 million in Bitcoins to thieves. So what can users do?
There’s not much that users can deal with corrupt sites and exchanges except not to do business with them. What users can do is take care of is their own personal Bitcoin wallets.
It’s important to recognize that there are two factors that make defending against Bitcoin theft particularly important. First of all, all Bitcoin transactions are permanent. There is no “undo” button here. If a thief is able to take control of your Bitcoin wallet and transfer all your funds, you have no technical recourse.
That brings us to the second factor: there is no regulator or other authority that one can appeal to in the Bitcoin world. If you’re the victim of credit card fraud, you can appeal to your bank to reverse the charges – and in many cases, they will. That option is not available in the world of Bitcoin; if your wallet is compromised by an attacker you have no recourse. Any Bitcoin wallet on a system is exceptionally vulnerable to being affected by malware on that same system.
Aside from avoiding being infected by malware in the first place, what users can do to prevent any damage from Bitcoin thieves? Consider the real-world wallet. If one had millions or billions in real-world money, you wouldn’t carry all of it with you all the time. Some would be with you, but most would be securely stored somewhere.
That would work with Bitcoin as well. Keeping everything in just one wallet is very dangerous. A division of wallets into at least one “spending” wallet (which you use for sending money via Bitcoin) and one or more “receiving” wallets. (It would even be a good idea to keep these wallets offline to more thoroughly protect them as well.)
One more thing to note. Bitcoin is promoted as being “anonymous”, but in a way nothing could be further from the truth. Because all Bitcoin transactions are public, it is possible to see all the transactions a user has made. Therefore, given enough circumstantial evidence, it may be possible to get the identity of a user. This is something that users should keep in mind before adopting Bitcoin as a currency.
Simply put, while Bitcoin may be a product of the 21st century, at the same time it is something that has been around for centuries – cash. The same caution and prudence that applies to handling cash should be applied here as well.