[FSec] Pickpocket Targets Wallets at Bitcoin Forum


Nachrichtenbote
Our Threat Research team analyzed a Bitcoin wallet.dat trojan today. Bitcoin is a digital currency created in 2009.

We detect the threat as Trojan-PSW:W32/CoinBit.A.

Here's a screenshot of the GUI:

CoinBit_A.jpg

(SHA-1 c4f6c921aa77fbb7f2b616a22ee7d4578f8ccf44)

It's not very professional looking.

But that's not the real point. This is a snatch and grab. Before the window is rendered, the application will fetch the Bitcoin wallet.dat file (if it exists) from this location:

%Documents and Settings%\\AppData\Roaming\Bitcoin\wallet.dat

Bitcoin.A then attempts to mail the wallet.dat to a hotmail address via a Polish SMTP server. The .pl server address is hardcoded. Reportedly, the password of the server account has been changed, so this variant is no longer effective.
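The behaviour described above (a process other than the Bitcoin client reads wallet.dat and then opens an SMTP connection) can be turned into a simple correlation rule. The following is an added example, not code from the original post or from F-Secure; the event schema, the allowlist of client names, the time window and all sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

# Assumptions, not from the original post: event schema, allowlist, window.
WALLET_SUFFIX = r"\appdata\roaming\bitcoin\wallet.dat"
ALLOWED_READERS = {"bitcoin.exe", "bitcoind.exe"}
SMTP_PORTS = {25, 465, 587}

def find_wallet_exfil(events, window=timedelta(seconds=120)):
    """Flag processes that read wallet.dat and then open an SMTP connection."""
    reads = {}   # pid -> (time, image) of first non-allowlisted wallet read
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        pid = ev["pid"]
        if ev["type"] == "file_read":
            reader = basename(ev["image"]).lower()
            is_wallet = ev["path"].lower().endswith(WALLET_SUFFIX)
            if is_wallet and reader not in ALLOWED_READERS:
                reads.setdefault(pid, (ev["time"], ev["image"]))
        elif ev["type"] == "net_connect" and pid in reads:
            read_time, image = reads[pid]
            if ev["dport"] in SMTP_PORTS and ev["time"] - read_time <= window:
                alerts.append({"pid": pid, "image": image,
                               "dest": f'{ev["dest"]}:{ev["dport"]}'})
                del reads[pid]  # one alert per read/send pair
    return alerts

# Constructed sample telemetry (hosts, PIDs and paths are made up).
T0 = datetime(2024, 1, 1, 10, 0, 0)
WALLET = r"C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat"

def make_event(sec, kind, pid, image, **extra):
    return {"time": T0 + timedelta(seconds=sec), "type": kind,
            "pid": pid, "image": image, **extra}

CLIENT = r"C:\Program Files\Bitcoin\bitcoin.exe"
UNKNOWN = r"C:\Users\alice\Downloads\tool.exe"
SAMPLE_EVENTS = [
    make_event(0, "file_read", 900, CLIENT, path=WALLET),
    make_event(1, "net_connect", 900, CLIENT, dest="198.51.100.7", dport=8333),
    make_event(5, "file_read", 4120, UNKNOWN, path=WALLET),
    make_event(8, "net_connect", 4120, UNKNOWN, dest="192.0.2.25", dport=25),
    make_event(9, "net_connect", 2200, r"C:\Mail\mailclient.exe", dest="192.0.2.80", dport=587),
    make_event(20, "file_read", 3300, r"C:\Tools\backup.exe", path=WALLET),
]

if __name__ == "__main__":
    for alert in find_wallet_exfil(SAMPLE_EVENTS):
        print(alert)
```

Only the unknown executable is flagged: the Bitcoin client is allowlisted, the mail client never touched the wallet, and the backup tool read the wallet but sent nothing over SMTP.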

Performing a search for the hardcoded @hotmail recipient e-mail address leads one to this thread at bitcoin.org's forum.

It appears the pickpocket posted links in the forum's chat application. If forum members clicked the link and downloaded the trojan, they risked losing their wallets.

To quote a forum member:

"No doubt that sucker is going straight for your wallet.dat"
"People will lose coins from this!"

Very possibly.

Read more from Kevin Poulsen at Wired.
On 17/06/11 At 10:36 AM
