It’s a Trap! Notorious Pony Loader Malware Updated to Steal Bitcoins

A new version of Pony Loader has been spotted in the wild with modifications allowing it to steal crypto-currencies

A new version of Pony Loader, the notorious malware family used to distribute the P2P Gameover Zeus trojan, has been spotted in the wild with modifications allowing it to steal crypto-currencies.

Version 1.9 of the malware was leaked onto the web some time ago, allowing anyone who knows where to look to download and use it to steal sensitive information and drop additional malware onto a victim’s machine.
 
However, researchers at Damballa claimed they found a new iteration being sold on the cybercriminal underground as Pony Loader version 2.
 
This version contains the same password list as v1.9, obtained from “several database hacks”, allowing attackers to brute force a victim’s account, according to Damballa malware reverse engineer Isaac Palmer.
 
He warned in a blog post that those trying to sell the source code claim the new version can steal crypto-currency wallets from the following platforms: 
Electrum, MultiBit, Litecoin, Namecoin, Terracoin, Bitcoin Armory, PPCoin (Peercoin), Primecoin, Feathercoin, NovaCoin, Freicoin, Devcoin, Frankocoin, ProtoShares, MegaCoin, Quarkcoin, Worldcoin, Infinitecoin, Ixcoin, Anoncoin, BBQcoin, Digitalcoin, Mincoin, Goldcoin, Yacoin, Zetacoin, Fastcoin, I0coin, Tagcoin, Bytecoin, Florincoin, Phoenixcoin, Luckycoin, Craftcoin, Junkcoin and the original Bitcoin client.

“Given the capability to steal stored credentials from a wide variety of software, users should consider storing their passwords and Bitcoin private keys using these programs risky,” he wrote.
 
Advice from Bitcoin itself, meanwhile, is to update to a newer version of the client “which provides a method to encrypt with a passphrase the private keys stored in the wallet”.
 
As they grow in popularity, crypto-currencies like Bitcoin and its many rivals are becoming an increasingly sought-after target for cybercriminals, often because security remains rudimentary at best.
 
Just last week a German hacker was revealed to have exploited a vulnerability in Synology NAS boxes to mine Dogecoins to the value of over $600,000. 
