Beware: Bitcoin Mining Malware Spreading through Skype

By Saturday, April 6, 2013 0 , , , Permalink 0

Mostly active in European countries, the malware is known to spread through a spam message on Skype. Cyberthugs have figured out a way to distribute Bitcoin mining software that when leveraged in a botnet environment can generate handful of Bitcoins by abusing the CPUs and GPUs of infected systems.

Bitcoin, a decentralized virtual currency, has seen a great upsurge in the last few days and has been trading at over $130 per unit. Bitcoins are generated through special algorithms that require high processing and take up quite a lot of CPU and GPU time. Resources from multiple systems can be used in a pooled setup thereby making the mining process a lot faster and effective.

Researchers over at Kaspersky lab have identified a new spam campaign on Thursday that tricks gullible Skype users into clicking a shortened URL with messages like “this is my favorite picture of you.” Once clicked, users will be promoted to download a file named ‘skype-img-04_04-2013.exe’, which is a malware dropper with currently very low detection rate.

According to a blog post by Dmitry Bestuzhev, a malware researcher at Kaspersky Lab, the rogue URL is currently getting somewhere between 2000 clicks an hour and “most of potential victims live in Italy then Russia, Poland, Costa Rica, Spain, Germany, Ukraine and others.”

Once downloaded and executed, the malware dropper connects to a C&C in Germany and downloads more malware. Apart from the routine botnet client sort of activities, the malware runs a bitcoin mining application on the infected system. Users of infected systems would experience arrant CPU usage and will have troubles carrying out their routine activities.