Tuesday, December 10 11:55:46
Banking trojan Hesperbot is evolving and is now capable of stealing from Bitcoin wallets, according to Dublin-based ESET.
As previously uncovered by ESET, Hesperbot is using very credible-looking spreading campaigns related to trustworthy organisations and lures victims to run the malware.
The malware itself has evolved as well - ESET has researched new versions of Hesperbot that can steal bitcoins.
It includes a module that attempts to access Bitcoin wallets that store private keys. "With the current high value of Bitcoin, the decision to add this module is quite understandable," says Robert Lipovsky, who heads ESET research into Hesperbot.
Earlier this year, ESET detected new variants of malware that attempted to steal Bitcoins, mine Bitcoins illegally, or break into wallets. Recently two sites hosting online wallets for the cryptocurrency Bitcoin were targeted by hackers - the 'heists' netted more than $1 million each. Oddly, though, this has not adversely affected the value of the cryptocurrency, which seems to thrive on publicity, whether positive or negative.
This sophisticated banking malware is spreading via phishing-like emails and also attempts to infect mobile devices running Android, Symbian and Blackberry. Detected as Win32/Spy.Hesperbot, this threat features keylogger capabilities, can create screenshots and video capture, and set up a remote proxy. The attackers aim to obtain login credentials giving them access to the victim's bank account and getting them to install a mobile component of the malware on their Symbian, Blackberry or Android phone.
"The Hesperbot operators are very active, causing real financial losses for bank's customers and it seems we still haven't heard the last of this malware," concludes Lipovsky.