Bitcoin enthusiasts beware: email security firm AppRiver has issued warnings about a malicious email in circulation that poses as an Amazon purchase confirmation. Once opened, it delivers malware that pilfers just about every type of cryptocurrency in existence.
'Over the past week we have been monitoring (and blocking) a stream of malicious emails attempting to pose as legitimate Amazon purchase confirmations,' confirmed Troy Gill, AppRiver's manager of security research. 'The messages simply state that ‘your order has been confirmed’ and contain a small amount of details. The user being targeted is directed to an attached .doc file for the shipping and tracking details.'
For the .doc to actually infect the user’s machine, macros must be enabled in MS Word. The malware contained in the messages is identified as part of the Fareit malware family, which is often distributed via Word documents with malicious embedded macros and has been known to drop multiple malware variants on the target machine.
In this particular case the malware quickly goes to work attempting to steal the Outlook password along with website passwords from various browsers such as Firefox, IE, Chrome and Opera.
It then attempts to harvest account credentials for a lengthy list of FTP and multiple file storage programs. After that, it scours the target machine for Bitcoin and other crypto cash, including Electrum, MultiBit, FTB Disk, Litecoin, Terracoin, and numerous others.
'This behaviour (stealing cryptocurrency) is something we have been seeing with more frequency as of late,' said Gill. 'The anonymous nature and lack of regulation in the cryptocurrency market make it more akin to stealing actual cash than to committing wire fraud by raiding someone’s online bank accounts. But in this case the cybercriminals are okay with that too: the last observed behaviour was to drop a copy of the Zeus Trojan to be used to capture and steal bank related information.'
Thankfully, most users are immune if they have macros disabled by default, but Gill goes on to warn that those who already have them enabled, or who choose to follow the prompt and enable them, will get infected.
However, this latest warning is likely to cause yet more anxiety over the security of Bitcoin and other cryptocurrencies, as attackers are clearly getting more imaginative in how they target the virtual pockets of cryptocurrency users.
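Because the infection depends on a macro-carrying .doc attachment, a mail filter can triage such messages before a user ever sees the enable-macros prompt. The following is an added example, not AppRiver's detection logic: a heuristic that flags legacy OLE2 Word attachments containing a VBA project stream. The sample message, filename and function names are constructed for illustration, and the check does not cover ZIP-based .docm files.

```python
import email
import email.policy
from email.message import EmailMessage

# OLE2 compound-file signature used by legacy .doc files.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# OLE directory entry names are stored as UTF-16LE; a document with a
# VBA project contains a stream with this name.
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def macro_attachments(raw_message: bytes) -> list[str]:
    """Return filenames of attachments that look like OLE2 files with VBA."""
    msg = email.message_from_bytes(raw_message, policy=email.policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Judge by content, not by extension or declared MIME type.
        if data.startswith(OLE_MAGIC) and VBA_MARKER in data:
            flagged.append(name)
    return flagged


def build_sample(with_macro: bool) -> bytes:
    """Constructed test message; the attachment is a stub, not a real document."""
    blob = OLE_MAGIC + b"\x00" * 504 + "WordDocument".encode("utf-16-le")
    if with_macro:
        blob += VBA_MARKER
    msg = EmailMessage()
    msg["Subject"] = "Your order has been confirmed"
    msg.set_content("Shipping and tracking details are in the attached file.")
    msg.add_attachment(blob, maintype="application", subtype="msword",
                       filename="order_details.doc")
    return msg.as_bytes()


if __name__ == "__main__":
    for with_macro in (True, False):
        print(with_macro, macro_attachments(build_sample(with_macro)))
```

A hit means the attachment deserves quarantine or deeper inspection with a full OLE parser; it does not by itself prove the macro is malicious.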