Bitcoin-stealing malware lived on download.com for almost a year
Early this month, a group of researchers discovered malware on download.com that siphoned Bitcoin from unknowing victims.
It’s believed to have been on the prominent site for nearly a year.
The research team observed three types of applications floating around on the 163rd most visited site in the world (according to Alexa rankings).
According to some estimates, the hacker (or hackers) have raked in about US$ 80,000 from their exploits on the website.
The malware first appeared on download.com May of 2016 and has been downloaded from the website for at least 4,500 times.
While the malware has been since removed, the researchers couldn’t pinpoint an exact date – only speculating that it could have been March of last year.
The Malware floated around download.com – a top 200 website based on Alexa rankings – for almost a year
Researchers first acted after learning from a Reddit user how they tried to access their Monero account but started receiving strange notifications saying the address was invalid.
The mismatched web addresses prevented the user from being victimised, but it wouldn’t have been easy to detect if the user tried to access their Bitcoin account instead.
The malware found on the website was a Win32 Disk Imager application trojan.
The malware was able to intercept wallet addresses that were copy-pasted on clipboards, replacing them with the hacker’s hardcoded bitcoin wallet address.
Those who were infected by the malware could clean up their system by removing the downloaded installers and malicious folder, and by deleting the ScdBcd registry value key.
Comprehensive multi-device protection for you and your family for up to 6 PCs, Macs, Android, and iOS devices. For more info click here.
