Malware is increasingly common and dangerous these days. Now, a TrickBot Variant is successfully hacking cryptocurrency exchanges and stealing Bitcoin.
TrickBot malware surfaced in late 2016 and immediately took over the cyber world. Until now, TrickBot was thought to only be capable of stealing funds from financial entities such as blanks and blockchains. TrickBot was reportedly used primarily to make a profit by carrying out fraudulent transactions.
Now, according to researchers, the operators of TrickBot have expanded the scope of attack to reach countries all across the globe and target financial institutions such as banks, credit card service providers, private banking firms, and businesses. The latest findings of the X-Force cybersecurity firm at IBM reveal that this new TrickBot Variant, a banking Trojan, does not directly attack banks and instead targets individual transactions of cryptocurrency in order to steal Bitcoin.
This variety of TrickBot attacks is centered around the transactions that take place on and around cryptocurrency platforms. Cryptocurrency platforms offer a variety of services to users, such as exchanging coins for different forms of cryptocurrency, transferring coins between wallets, and buying Bitcoin using credit cards. TrickBot targets the specific function that enables users to purchase Bitcoin and Bitcoin cash from their credit cards; the attacks are enabled through web injections that intercept the credit card transaction and steal the information and Bitcoin during the exchange.
TrickBot Variant begins by following the transactions of users who intend on purchasing Bitcoin using their credit cards. The user is redirected from the Bitcoin exchange platform to the domain of the payment service provider. There, the user is required to supply his or her public Bitcoin wallet address to the exchange through a form and provide the number of coins that are to be purchased.
After the user has provided all of the required personal data, including his or her billing information and credit card details, the user confirms the purchase of the Bitcoin. This is the moment that the TrickBot variant steps into action and hijacks the coins. By intercepting the transition at this critical time, the malware is able to acquire cryptocurrency logic credentials, wallet details, and credit card information all in one blow.
TrickBot malware attacks are highly successful. Security experts believe that TrickBot is among the top-five malware specifically designed to steal funds. This particular form of attack targets both the Bitcoin exchange website and the website of the payment service in order to snatch the coins from the middle and re-route them to a new wallet that is controlled by the attackers. The TrickBot variant effectively targets the transactions from several fronts, and ultimately also acquires the user’s login credentials, credit card information, and wallet data.
“This means that even after the initial attack, cybercriminals can empty existing cryptocurrency wallets, make additional exchange purchases as the victim, and use the crew card information for whatever else they desire,” stated a spokesperson from IBM’s X-Force Research team.
Although researchers have not yet revealed the name of the exchange that is being especially targeted in this malware campaign, Coinbase Inc. was the last exchange to be effectively targeted by a cyber-gang with an earlier credit-card stealing variant of TrickBot in August of 2017.
Researchers note that the emergence of this new TrickBot variant can serve as an important reminder of the extent of sophistication that cyber attackers have achieved in the hacking of website platforms and exchanges of cryptocurrency. The latest endeavors of this TrickBot variant reveal the recent, tremendous improvement in malware web logic and security controls, which suggests that the malware gang behind TrickBot is continuously studying potential new targets and expanding the length of its reach.
There is some small amount of good news that can be obtained from this new area of crime. IBM researchers have concluded that this new style of attack on the cryptocurrency sector is incredibly labor-intensive, requiring a lot of work on the part of the cybercriminals.
Unfortunately, there is also bad news. Researchers also note that this is only the beginning of malware attacks of cryptocurrency transactions, and more exchanges will certainly be attacked in the future. Researchers expect to see many more assaults targeting platforms and service providers of cryptocurrency as the theft of cryptocurrency becomes increasingly popular among malware operators.