Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Bitcoin Hit By Gameover Malware, Chinese Crackdown

China gets tough with exchanges trading Bitcoins, while new malware variant targets Bitcoin customers.

Top 10 Cloud Fiascos
Top 10 Cloud Fiascos
(click image for larger view)

Bitcoin aficionados were hit with a double whammy Wednesday, after China's largest Bitcoin exchange, BTC China Exchange, stopped accepting Chinese Yuan. The same day, security experts warned that a new variant of the Gameover malware, which is based on the Zeus banking Trojan, has begun targeting Bitcoin exchanges.

News of the blocking of Chinese Yuan (a.k.a. renminbi) deposits at Shanghai-based BTC China triggered a Bitcoin selloff, which caused the currency to lose about half of its value, dropping from a high of $1,250 Wednesday to a Bitcoin being offered for sale for just $636. At the Mt Gox exchange, meanwhile, the value of a Bitcoin Wednesday was averaging about $570.

The Chinese central bank's Bitcoin crackdown -- seen by some commentators as the government's attempt to bring the volatile virtual currency under control -- reportedly sparked a retaliatory series of distributed denial-of-service attacks that disrupted the website of the People's Bank of China.

[ Is mobile security improving? Read Android AV Improves But Still Can't Nuke Malware.]

The crackdown started last month, when the People's Bank of China prohibited the country's financial institutions from handling Bitcoins. On Monday, the central bank expanded that prohibition, telling all third-party payment providers that they must cease providing clearing services to all cryptographic virtual currencies -- including Bitcoin and Litecoin -- by the end of January.

"We essentially got notice from our third-party payment provider that they will discontinue accepting payments for us and new deposits," BTC China CEO Bobby Lee told the South China Morning Post. "We're still operating a bitcoin exchange in China, legally, and we're still allowing people to deposit and withdraw bitcoin and withdraw renminbi."

BTC China has been the world's largest Bitcoin exchange, handling 40% of the world's Bitcoin trading. But much of that trading has come from mainland China.

"A lot of people put Bitcoin's rise over recent months to China where interest in it has gone through the roof," Emily Spaven, editor of digital currency news site CoinDesk, told the BBC. "People are getting frightened that with the new regulations the country could now drop out of the ecosystem. Going forward, it's certainly not the end of Bitcoin, but people have been panic selling."

Beyond the wildly fluctuating value of Bitcoins, Bitcoin aficionados should also beware a new version of the Gameover banking malware, which has been updated to steal login credentials for Bitcoin exchanges. That warning was sounded by cybercrime expert Etay Maor, who works for IBM's Trusteeer. He said in an interview that the Bitcoin-targeting malware variant has been active since at least Nov. 29.

"This Gameover variant waits until an infected user attempts to log into the BTC China website," Maor said in a related blog post. "When this occurs, the malware steals the victim's username and password and suspends the session temporarily." That pause is so the malware can launch a social engineering attack against the user, by employing HTML injection to request that the user of the infected PC share the one-time password sent by BTC China to authorize the transaction.

"Once the cybercriminal has the victim's credentials he can easily perform an account takeover and assume control of the Bitcoins associated with the account," Maor said.

The Gameover variant is just the latest attack to be launched against Bitcoin users and exchanges. Many previous attacks have targeted -- and drained -- free e-wallet services that allow people to store their Bitcoins online. One of the virtues of attacking those sites is that if a hacker is successful, he can sell the stolen cryptographic currency anonymously.

"By definition, it won't be traceable," said Maor.

Mathew Schwartz is a freelance writer, editor, and photographer, as well the InformationWeek information security reporter.

InformationWeek Conference is an exclusive two-day event taking place at Interop where you will join fellow technology leaders and CIOs for a packed schedule with learning, information sharing, professional networking, and celebration. Come learn from each other and honor the nation's leading digital businesses at our InformationWeek Elite 100 Awards Ceremony and Gala. You can find out more information and register here. In Las Vegas, March 31 to April 1, 2014.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Brian.Dean
100%
0%
Brian.Dean,
User Rank: Apprentice
12/19/2013 | 8:52:33 AM
Re: Is this where bitcoin comes unraveled?
I guess as long as the Chinese central bank has more mass then BitCoin -- the result will always be the same. Speaking of mass, I don't know why the central bank would even bother going after BitCoin, I mean it's not like BitCoin is a super AI using computational resource under the cloak of mining and transactions. 
Mathew
50%
50%
Mathew,
User Rank: Apprentice
12/19/2013 | 5:52:52 AM
Re: Is this where bitcoin comes unraveled?
Wait, wasn't that the Illuminati? Paging Dan Brown ... 
David F. Carr
50%
50%
David F. Carr,
User Rank: Strategist
12/18/2013 | 10:05:24 PM
Is this where bitcoin comes unraveled?
Have to wonder if this is the beginning of the end. At least the dollar is backed by God.
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16649
PUBLISHED: 2019-09-21
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the...
CVE-2019-16650
PUBLISHED: 2019-09-21
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the se...
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.