The conflict between Russia and the Ukraine has gotten bad in a new way. Hackers are exploiting the clash, using it to steal bitcoin. It is the perfect circumstance to sneak malware into bitcoin wallets. But an analysis of the malware behind the attacks reveals a huge botnet and further exploits.
Digital Currency Hacks
Hacking digital currency is not a new exploit. Hackers have been going after it since it first came out. But taking advantage of the Russia-Ukraine conflict is a new angle. The malware being released by the hackers can steal bitcoin. But it can also be used to upset digital efforts of countries in the West that are struggling against Russia. The hackers used it to spread malware by pretending to be nationalists standing against Western countries that were using political and economic actions against Russia.
Bitdefender Labs is the cyber security company that made the report on the bitcoin hacks. They said that the malware used by the hackers to steal from bitcoin wallets was in fact a Trojan virus. This Trojan is known as Kelihos malware, which was also reported by Microsoft some years ago as a type of backdoor.
Kelihos was designed to steal bitcoin and has now infected a large number of servers, over 40% of which are in the Ukraine. This can mean that the Ukraine is being attacked, or the malware originated in the Ukraine. Bitcoin analyst Doina Cosovan explains that the IPs traced might tell us that the infected servers are those that are the focus of malware delivery. Or, they could point out computers that were infected to be recruited as part of the botnet used by the hackers to spread the malware.
The spam attacks were traced by Bitdefender to 49 distinctive IP addresses and domains. The company looke further and found that the botnet was very large with many connections to servers and recruited computers. Kelihos was used by the attackers to develop this huge botnet of zombified computers so they could spread their malware to steal increasingly more data and more digital currency.
This allows the hackers to freely distribute spam, scan data on the infected computers, and spread the malware further.
Bitdefender said that the hackers pretended to be nationalists and tried to distribute the software to those who are against Western countries taking economic and political measures against Russia.