Nearly 150 Strains of Malware Are After Your Bitcoins

Dell SecureWorks researchers have identified 146 types of bitcoin malware – and most of them are after your wallet.

AccessTimeIconFeb 27, 2014 at 3:42 p.m. UTC
Updated Dec 12, 2022 at 1:52 p.m. UTC

Computer security firm Dell SecureWorks has managed to identify 146 types of bitcoin malware in the wild.

The company’s researchers found the distinct breeds of malware had been specifically designed to steal bitcoins – a number of them presenting quite a danger to owners with coins stored either online or on their computers.

The firm concluded that the number of Windows-compatible cryptocurrency stealing malware (CCSM) strains has gone up in line with bitcoin’s increase in value.

The total of 146 strains is up from 45 a year ago, and 13 two years ago, the researchers say. The biggest spike came after bitcoin briefly broke the $1,000 mark late last year.

Cyber criminals tend to pursue high-growth markets. There has been a lot of focus on smartphones lately, and bitcoin is an obvious target on more than one level.

While most smartphone malware will steal personal info and cause various problems, bitcoin-targeted strains offer the added benefit to the criminals of stealing money with relative ease, and it appears that many can’t resist the allure of bitcoiners’ digital wallets.

Wallets in their sights

The most common type of CCSM is designed to go after digital wallets, for obvious reasons. The malware searches infected computers for wallet software – either by looking in specific locations or by searching all drives found on the system.

Once a wallet is located, the malware uploads it to a remote server, allowing the attacker all the time they need to crack the keys and steal the coins.

Many strains also log the victim’s key strokes, so the attacker does not even have to bother with any cracking. The keylogger provides all the passwords and credentials they will need to pull off a successful heist.

Some malware strains even trick people into sending bitcoins to the attacker.

These types detect when a bitcoin address is copied to the clipboard and put a different one in its place. When the user tries to paste the original during a bitcoin transaction, the substitute address is inserted and the funds are sent to the attacker.

This is also the most sophisticated angle of attack employed by the malware creators, as it does not require data to be sent to a remote server and can operate autonomously, making it much more challenging to detect.

Just recently, the Pony botnet managed to steal $220,000 worth of bitcoins from 30 different types of digital wallets.

Authentication risks

Although two-factor authentication is proving very popular in the bitcoin world, it is still vulnerable to attack. It does offer an added level of security, but advanced malware can successfully fool it.

Several exchanges are using two-factor authentication using one-time PINs, but some malware developers are one step ahead, with CCSM strains that can detect such systems and intercept the PIN as it is used. They then open a hidden browser window and simply log in from the victim’s computer.

Another issue of concern is that Dell SecureWorks found that standard antivirus scanners were incapable of detecting roughly 50% of the CCSMs in circulation.

Windows targeted

Unsurprisingly, Windows is by far the most popular platform for CCSM developers.

Researchers found that 99% of active bitcoin malware is targeted at Windows users, so those running Mac OS X or Linux are in a much more secure position.

Mac owners shouldn’t relax completely, however – most of the efforts to protect users from malware are aimed at Windows systems too, and the arrival of a serious malware threat could be bad news.

There is no word from the researchers on how Android and other mobile operating systems are affected by malware.

Many users overlook security on their mobile devices, but it should be pointed out that Android is by far the most popular platform for mobile malware developers.

Along with the facts that Apple does not allow bitcoin apps, and that many bitcoin users who need a mobile wallet are turning to Android, this sounds like a huge threat in the making for those using that platform.

With all this in mind, Dell SecureWorks is advising bitcoin users to switch to alternative wallets like Electrum and Armory, which use a split arrangement for key storage and appear to be the most secure option at the moment.

Of course, don’t forget that there are plenty of cold storage solutions out there too. Or you could even use the CoinDesk guide to make a paper wallet for your bitcoins.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.