


Businesses told to lock down Bitcoin wallets against malware threat

Feb 27, 2014 | 3 mins
Application Security, Cybercrime, Data and Information Security

Malware designed to steal digital currency from Windows PCs has risen with Bitcoin value since beginning of last year, says study

Businesses considering accepting Bitcoins or other forms of cryptocurrency should be prepared to battle a rising number of malware programs aimed at emptying digital wallets.


That’s the takeaway from a new study by SecureWorks, computer maker Dell’s security unit. Researchers found that the number of malware programs designed to steal cryptocurrency from Windows PCs increased along with the rise in value of Bitcoin since the beginning of 2013.

As of January of this year, SecureWorks had identified 100 unique families of malware on the Internet capable of stealing wallet files or digital currency from users’ exchange accounts. The increase in cryptocurrency-stealing malware made it “one of the fastest-growing categories of malware,” the study said.

While Bitcoin is not the only type of cryptocurrency, it is the most popular and the most valuable. The price has ranged from a high of roughly $1,150 in early December to a low of $420 on Feb. 25. Bitcoin’s price on Thursday was about $565. Other digital currencies include Namecoin, Litecoin, Dogecoin, PPCoin and Mastercoin.

The recent shutdown of Mt. Gox, which once had the largest market share of all digital currency exchanges, highlights the risk of cryptocurrency traded over the Internet. The Bitcoin exchange closed this month after cybercriminals stole $400 million. The heist is under investigation by U.S. federal authorities.

The rising popularity of digital currency has led to its adoption by retailers. became the first major online retailer to accept Bitcoins, and industry observers expect others to follow. The site SpendBitcoins lists many places on the web where people can spend their digital currency.

To protect the digital wallets used in conducting transactions, SecureWorks researchers recommend the use of a “split wallet,” which has a portion of the file on the computer connected to the Internet and the rest on a system with no network connection.

The file kept on the Internet-enabled system would let the business track its running balance and perform transactions with customers. The offline system holds the private key used to authorize a transaction before it is transmitted.

Electrum is an example of a split wallet done through software. Examples of hardware-based products include Hardware Wallet and Trezor, which plans to release its product soon.

By using the proper security, businesses can significantly reduce the risk of accepting digital currency, Pat Litke, security researcher for Dell SecureWorks’ Counter Threat Unit, said.

“It’s simply a matter of understanding how to do it safely, and that’s where the general population falls short,” Litke said.


The SecureWorks study found several categories of PC malware targeting digital currency. One form searched an infected system’s hard drive for the typical file names used for wallets, such as “wallet.dat.” The file was copied and then sent to a remote server.

Another malware family would set up a man-in-the-middle-like attack in which the address of the recipient in a transaction is altered, so the money goes into the thief’s account.
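The split-wallet arrangement and the recipient-altering malware described above suggest one check the offline machine can make before its private key is used. The following is an added example, not code from SecureWorks or any wallet product: it validates a Bitcoin address's Base58Check checksum and compares the decoded recipient against an allowlist stored offline. The allowlist, the request format and all names and sample hashes are assumptions made for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of double SHA-256.
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    data = payload + _checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as a leading "1".
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def b58check_decode(addr: str) -> bytes:
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    payload, check = raw[:-4], raw[-4:]
    if _checksum(payload) != check:
        raise ValueError("checksum mismatch")
    return payload

def approve_for_signing(request: dict, allowlist: set) -> tuple:
    """Hypothetical gate run on the offline machine before signing."""
    try:
        payload = b58check_decode(request["address"])
    except ValueError as exc:
        return False, f"malformed address: {exc}"
    if payload not in allowlist:
        return False, "recipient not on offline allowlist"
    return True, "ok"

# Constructed sample data: version byte 0x00 plus made-up 20-byte hashes.
SUPPLIER = b"\x00" + bytes(range(1, 21))
UNKNOWN = b"\x00" + bytes(range(21, 41))
ALLOWLIST = {SUPPLIER}

def demo() -> list:
    good = b58check_encode(SUPPLIER)
    swapped = b58check_encode(UNKNOWN)  # well-formed, but not the intended payee
    typo = good[:-1] + ("2" if good[-1] != "2" else "3")  # fails the checksum
    return [approve_for_signing({"address": a, "amount_btc": 0.5}, ALLOWLIST)[0]
            for a in (good, swapped, typo)]
```

The swapped address passes the checksum and is rejected only by the allowlist comparison, which is why the comparison has to happen on the machine the malware cannot reach.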