Computers targeted by ‘Pony’ virus designed to steal bitcoins

PUBLISHED : Tuesday, 25 February, 2014, 10:03pm
UPDATED : Tuesday, 25 February, 2014, 10:03pm

Cybercriminals have infected hundreds of thousands of computers with a virus called "Pony" to steal bitcoins and other digital currencies, in the most ambitious cyberattack on virtual money uncovered so far, according to security firm Trustwave.

Trustwave said on Monday that it had evidence that a cybercrime ring known as the Pony botnet had stolen some 85 virtual "wallets" that contained bitcoins and other types of digital currencies. How much digital currency was contained in the wallets was not known.

"It is the first time we saw such a widespread presence of this type of malware. It was on hundreds of thousands of machines," said Ziv Mador, security research director with Trustwave which is based in Chicago in the US.

Trustwave said it believed the crime ring was still operating, though it did not know who was running the group. The company said it had disrupted the servers that were controlling machines infected with Pony, but expected the group to launch more attacks.

The scheme "collected approximately US$220,000 worth, at time of writing, of virtual currencies such as bitcoin, LiteCoin, FeatherCoin and 27 others," said a blog post from researchers Daniel Chechik and Anat Davidi. The size of the theft was relatively small, but the potential for larger losses makes the breach a substantial concern.

A representative for the Bitcoin Foundation, a trade group that promotes adoption of the virtual currency, advised bitcoin users to store their currency offline in a secure location to prevent cybercriminals from stealing them.

"Electronic wallet security continues to improve by leaps and bounds as hardware wallets become available and we start to see software wallets that support multi-signature transactions," said the Bitcoin Foundation's director of public affairs, Jinyoung Lee Englund.

Trustwave's discovery comes after an unrelated cyberattack that spammed bitcoin exchanges earlier this month. That attack prompted at least three online virtual currency traders to halt withdrawals, causing bitcoin's value to plunge 33 per cent over three weeks.