Hackers take advantage of bitcoin’s wild ride
Bitcoin is booming and so are criminal schemes looking to make money off the trend.
The hype around cryptocurrency is only growing, fueled by the massive rise of bitcoin, the digital currency created in 2009. Its value has skyrocketed by thousands of dollars in the last year, but the price fluctuates regularly.
As the hype grows, so does interest in acquiring digital currency — both from the general public who might not know much about the technology and hackers who want to profit off it.
“Whenever something gets this much publicity and popularity and there’s a potential to make what appears to be free and easy money, the criminal aspects of the world are going to take advantage of it,” said Mike Murray, vice president of security intelligence at mobile security firm Lookout.
In order to use bitcoin, you need a digital wallet to receive, send, and store cryptocurrencies. By creating fake wallets, hackers can take advantage of people new to bitcoin and other digital currencies who might not realize the difference between legitimate companies and fake apps.
Lookout recently discovered three fake bitcoin wallet Android apps in the Google Play Store that trick people into sending cybercriminals bitcoin. Some of the apps had thousands of downloads.
Google has since pulled them from the store.
“They were clearly targeted at people who don’t know anything about bitcoin, went on the Google Play Store, and started installing bitcoin stuff on their phone,” Murray said.
In addition to fake apps, cybercriminals are creating malware that uses people’s computers to generate cryptocurrencies in a process called “mining.”
By hijacking a stranger’s computer or phone, a hacker puts the work on those devices — a typically costly and complicated process. Mining requires a lot of computing power to solve complicated math problems, verify transaction records and ultimately receive digital coins.
It’s no longer feasible to mine bitcoin with personal computers, but you can do so for other currencies like Monero and Ethereum. Candid Wueest, principal threat researcher for security firm Symantec, said the explosive popularity of bitcoin is further sparking interest in other currencies, and malware creators are exploiting tools to mine them.
According to a report from Symantec, malicious mining activity is on the rise. A hacker can hide malicious code on a website and the site’s users become digital currency miners without realizing it.
It can be a lucrative scheme. This week, hackers targeted websites using the WordPress content management system to infect them with Monero mining malware. The attackers reportedly made at least $100,000.
Digital currency exchanges are also a popular target for hackers. On Wednesday, hackers compromised EtherDelta, a place for buying cryptocurrencies. Meanwhile, South Korean bitcoin exchange Youbit said this week it was filing for bankruptcy after criminals stole almost one-fifth of its clients’ holdings in the second major cyberattack on its systems this year.
Carles Lopez-Penalver, intelligence analyst at security firm Flashpoint, said phishing campaigns from hackers posing as cryptocurrency wallets, exchanges, or other websites try to trick people into forking over currency or personal information. Some of these campaigns appear as advertisements on search engines and websites, or in Slack chatrooms where people discuss digital currencies.
Malicious attacks targeting digital currencies and users are only going to get worse, he said.
“The will and drive to target cryptocurrency-oriented industry is here to stay because of the absurd money that has been pumped into it in the past couple of months,” Lopez-Penalver said. “It is one of the most targeted industries right now — it’s what cybercriminals are looking for.”