Pony Botnet Virus Steals $220k from 30 Types of Digital Wallets
A new virus is said to be affecting more than 30 types of digital currency wallets.
In what is being called one of the most ambitious cyberattacks affecting virtual currency to date, Chicago-based IT security services provider Trustwave has revealed that a crybercrime ring known as Pony botnet is using a Trojan virus to steal from 30 types of digital currency wallets.
researchers found that credentials for approximately 700,000 digital wallet, email and desktop accounts have been compromised, and that up to $220,000 had been stolen from 85 digital currency wallets as of the time of writing.
Ziv Mador, director of security research at Trustwave, told CoinDesk that consumer and merchant wallets were both affected, and that bitcoins, litecoins, primecoins and feathercoins had been stolen in the attack.
But, what makes the Pony botnet unique, Mador said, is the breadth of its assault:
Trustwave indicates that while the attack has been persisting for months, it stopped suddenly on 24th February. However, in talks with other media outlets, Trustwave suggested it believes the cybercriminal network is still operating.
Initial data
Mador indicates that Trustwave has been following Pony botnet since September 2013. The official company blog post on the findings revealed that virtual currencies weren't the only digital assets attacked, as 600,000 website login credentials have been stolen by the group to date.
The $220,000 total represents the maximum amount stolen, as once cybercriminals have obtained a user's wallet.dat file, Trustwave noted that both parties share the file and that the true owner is impossible to reveal.
The total confirmed theft so far includes 335 bitcoins, 280 litecoins, 33 primecoins and 46 feathercoins. Trustwave provides a full list of the affected currencies, as well as charts that detail the coordinated efforts of Pony botnet's attacks in its blog post.
Stolen passwords across all affected digital assets - not just digital currency wallets - were most commonly retrieved from consumers in Germany, Poland and Italy, with roughly 50% of stolen passwords originating in these locations.
Protecting your wallet from attacks
Trustwave noted that Pony botnet likely found virtual wallets attractive, given their inherent qualities that provide for irreversible transactions, and the ease with which the currencies can be exchanged for fiat.
Still, relatively simple protections can stop Pony botnet's virus. Said Mador:
Those who believe their wallet may have been compromised by the attack can use a free tool provided by Trustwave that searches for affected wallets by public keys.
STORY CONTINUES BELOW
Image credit: Digital crime scene via Shutterstock