The Latest in IT Security

BTC Acceptance Rising – Among Cyber-thieves

23
Apr
2013

While the actual Bitcoin currency might have its ups and downs, the notion that it is real actual money has by now been firmly implanted in the minds off miscreants everywhere, as shown by the steady increase in the number of detected btc stealer trojan samples:

btc stealers

The Trojan.Dropper.PWS e-threat comes in a packed dropper which contains three different files: npf.sys, wpcap.dll and packet.dll – three legitimate libraries which are part of the WinPcap software that CACE Technologies publishes. These are used to monitor network traffic and to capture FTP credentials (over TCP 21) or e-mails (SMTP , POP3 on TCP 25, 110) should they get sent in the clear.

The e-threat adds itself to the startup key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run using the value: SonyAgent (might vary) and as data the path to the dropped file.

Aside from stealing Bitcoin wallets, the trojan extracts passwords from FTP clients such as Total Commander, WS_FTP, WinFTP, TurboFTP, FTP Surfer, SmartFTP, LeapFTP, UltraFXP, Frigate3 FTP, FTPRush, FTP Explorer, Classic FTP, Core FTP, FFFTP, CuteFTP, SecureFX, FTP Control, SoftX FTP Client, TurboFTP, FlashFXP, BulletProof FTP Client etc.

Moreover, the trojan also steals passwords which are stored by popular browsers and appears to be able to send e-mails as well.

Bitdefender antivirus software is, as usual, capable to detect and remove the threat.

Leave a reply


Categories

MONDAY, OCTOBER 21, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks