Virtual money gets stolen by a Virtual application – how apt this is.
BitCoin is a new-age digital currency without any government. It is generated using a complicated p2p-based algorithm with a limit of 21 million BTC, and it is anonymous, with public records of all transactions. It is mined using a graphics card, but the probability of hitting the correct hash / bitcoin is very low and works against the economics of mining / generating a collision. BitCoin was invented by Satoshi Nakamoto (in Japanese, Satoshi means wisdom / reason), which is one of the best hidden identities I have ever seen.
Forum BitCoin Link discussing the new threat.
Discussing the future of bitcoins once all the estimated 21 million bitcoins are generated seems trivial at this moment, because Bitcoins are divisible, potentially to 8 decimal places. Exchange rates may in future change the manner in which BitCoins are represented, and the price of products may vary accordingly, but still based on hard government currency. Because of this, hard currency will continue to stay as the benchmark for all calculations.
This bit of malware in question straightaway strikes the %userprofile%\application data\Bitcoin\wallet.dat, a file which stores all your bitcoins.
For the sake of providing information, I have started a web-based pool mining process on my system, and CPU utilization has shot up to 99 – 100%.
This website also provides links for web-servers, so that the visitors' system resources are utilized without their knowledge and the generated bit-coins are transferred to your account.
Payout Amount : 0.00005530 BTC
Average Speed : 740000 hashes per second.
Estimated time before payout : 1.61 hours
This is the POC for the 1st type of malware, which targets systems having specific hardware (read: ATI Radeon HD 5870 powered cards) to generate BTC, while the victim pays for the network bandwidth and power consumption via CPU usage.
Something to know about wallet.dat:
Wallet.dat holds all of your bitcoins in one file with password security / encryption of the file being optional. The stolen wallet once imported into bitcoin client will provide access to all the coins and due to the anonymous nature of the BitCoin, using stolen bitcoins is the cheapest way to earn some $$$.
Integrating encryption, with the password being the key to decrypt (preferably AES with CBC) and with on-the-fly decryption and encryption of wallet.dat, seems to be a viable option, with wallet.dat kept in a locked-down state during the transaction process.
The pass-phrase used for the session should be stored in a secured memory location, and care needs to be taken to ensure that there are no memory leaks.
If bit-coin can be generated by peer-nodes then why not the session-password to access the wallet be generated in the same manner?
E.g.:
String to be encrypted: this_is_encrypted
Encryption: AES
Passphrase: sachin
Result: ãhþÐn¬¢½Ú½ksÕ{ò%noˆ¸3`òW¼)jï
Result: ‡‚!–C~@N5Ùî²ò?û“³1z{ÈÙ*Uj®¶v”
Though the two results appear to be different, after decryption both of them yield the original string, i.e. this_is_encrypted. This is better for defeating MITM-based attacks, as all the transacted values are different but provide the same value when decrypted.
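The passphrase-based AES scheme and the two differing results described above, as an added example that is not part of the original post and is not the Bitcoin client's own code. It assumes Node.js with its built-in crypto module; the function names and blob layout are hypothetical. The random salt and IV make each output different, and the HMAC tag (an addition beyond the text) rejects a wrong passphrase or a modified file.

```javascript
const nodeCrypto = require('crypto');

// Derive separate encryption and MAC keys from the passphrase with scrypt.
function deriveKeys(passphrase, salt) {
  const km = nodeCrypto.scryptSync(passphrase, salt, 64);
  return { encKey: km.subarray(0, 32), macKey: km.subarray(32) };
}

// Hypothetical layout: salt(16) | iv(16) | AES-256-CBC ciphertext | HMAC-SHA256 tag(32)
function sealWallet(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(16); // fresh per encryption
  const iv = nodeCrypto.randomBytes(16);   // fresh per encryption
  const { encKey, macKey } = deriveKeys(passphrase, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', encKey, iv);
  const body = Buffer.concat([salt, iv, cipher.update(plaintext), cipher.final()]);
  const tag = nodeCrypto.createHmac('sha256', macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

function openWallet(blob, passphrase) {
  // Smallest valid blob: salt + iv + one cipher block + tag.
  if (blob.length < 16 + 16 + 16 + 32) throw new Error('blob too short');
  const body = blob.subarray(0, blob.length - 32);
  const tag = blob.subarray(blob.length - 32);
  const { encKey, macKey } = deriveKeys(passphrase, body.subarray(0, 16));
  const expected = nodeCrypto.createHmac('sha256', macKey).update(body).digest();
  // Verify the tag before decrypting anything.
  if (!nodeCrypto.timingSafeEqual(tag, expected)) {
    throw new Error('wrong passphrase or modified wallet');
  }
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', encKey, body.subarray(16, 32));
  return Buffer.concat([decipher.update(body.subarray(32)), decipher.final()]);
}

// Constructed sample input: the string and passphrase from the example in the text.
const first = sealWallet(Buffer.from('this_is_encrypted'), 'sachin');
const second = sealWallet(Buffer.from('this_is_encrypted'), 'sachin');
console.log(first.toString('hex'));
console.log(second.toString('hex'));
console.log(openWallet(first, 'sachin').toString(), openWallet(second, 'sachin').toString());
```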
Bit-Coin works on a generated, dual-iterated SHA256 hash, and the value of the SHA hash is actually the computational algorithm designed to act as a puzzle based on time. This hash is open to collision but, due to the high requirement of computational resources, is considered safe – as defined by Satoshi Nakamoto in the Bit-Coin design paper.
Binding the wallet to a specific system defeats the very logic of a wallet vis-à-vis accessibility in a roaming environment, nor is storing the wallet online safe, as your wallet is then at the mercy of the webmaster and the web-programmer. Recent hacks have proven that web-security is still in its nascent stages.
How about binding the wallet to a USB pen-drive? Seems impossible? Well, nope, this is very much possible and has been done to protect an mdb file (which can be opened easily; a password-protected mdb can be cracked in the blink of an eye), so this will definitely work for wallet.dat.
Synopsis:
1: BitCoins can be stolen.
2: The wallet in which Bit-Coins are stored can be accessed and transferred by the malware and re-utilized.
3: When using a web-based Bit-Coin wallet, do not re-use your password.