BTC Acceptance Rising – Among Cyber-thieves

While the actual Bitcoin currency might have its ups and downs, the notion that it is real actual money has by now been firmly implanted in the minds off miscreants everywhere, as shown by the steady increase in the number of detected btc stealer trojan samples:

btc stealers

The Trojan.Dropper.PWS e-threat comes in a packed dropper which contains three different files: npf.sys, wpcap.dll and packet.dll – three legitimate libraries which are part of the WinPcap software that CACE Technologies publishes. These are used to monitor network traffic and to capture FTP credentials (over TCP 21) or e-mails (SMTP , POP3 on TCP 25, 110) should they get sent in the clear.

The e-threat adds itself to the startup key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run using the value: SonyAgent (might vary) and as data the path to the dropped file.

Aside from stealing Bitcoin wallets, the trojan extracts passwords from FTP clients such as Total Commander, WS_FTP, WinFTP, TurboFTP, FTP Surfer, SmartFTP, LeapFTP, UltraFXP, Frigate3 FTP, FTPRush, FTP Explorer, Classic FTP, Core FTP, FFFTP, CuteFTP, SecureFX, FTP Control, SoftX FTP Client, TurboFTP, FlashFXP, BulletProof FTP Client etc.

Moreover, the trojan also steals passwords which are stored by popular browsers and appears to be able to send e-mails as well.

Bitdefender antivirus software is, as usual, capable to detect and remove the threat.

About the author



Razvan Stoica is a journalist turned teacher turned publicist and technology evangelist. When Bitdefender isn't paying him to bring complex subjects to wide audiences, he enjoys writing fiction, skiing and biking. Razvan Stoica started off writing for a science monthly and was the chief editor of a science fiction magazine for a short while before moving on to the University of Medicine in Bucharest where he lectured on the English language. Recruited by Bitdefender in 2004 to add zest to the company's online presence, he has fulfilled a bevy of roles within the company since. In his current position, he is primarily responsible for the communications and community-building efforts of the Bitdefender research and technology development arm.

1 Comment

Click here to post a comment
  • poate este doar o coincidenta,
    varful din graficul de mai sus (zilele 8-9-10)coincide perfect cu varful pretului btc (150 –>266)$ de pe mtgox com