Bitcoin Malware Used to Exploit the Russia-Ukraine Crisis

Published at: Aug. 28, 2014

A group of hackers tried to leverage the current conflict between Ukraine and Russia by distributing malware aimed at Bitcoin wallets. Bitdefender Labs, a cyber-security company with a keen interest in the digital currency market, issued a report where it highlighted how the alleged hackers masked one type of malware as another.

Kelihos

Apparently, the perpetrators distributed a program they claimed could disrupt the online operations of the Western governments acting against Russia.

In fact, the program secretly installed Kelihos, a malware package first identified 5 years ago. Kelihos can steal the contents of a Bitcoin user’s wallet, and it has a number of other malicious capabilities, too. The group’s most recent attack was aimed at Ukrainian Internet users, and it looks like 40% of those users were already affected. Doina Cosovan, an analyst at Bitdefender, says:

“Some of the IPs might indicate the origin of servers specialized in malware distribution or other infected computers that became part of the Kelihos botnet. As most of the infected IPs are from Ukraine, this either means that computers in the country were also infected, or that Ukraine itself is home to the main distribution servers.”

Bitcoin theft aside, Kelihos can also conscript the host computer into a worldwide botnet, letting the hackers use that device to send out spam, scan for data and spread further malicious software.

A fake nationalist initiative

The Bitdefender report notes that the hackers tried to pass the “software” off as a way for affected users to cause turmoil for the Russian government. Apparently, the message that came with the malware claimed the hackers were located inside Russia.

“We, a group of hackers from the Russian Federation, are worried about the unreasonable sanctions that Western states imposed against our country. We have coded our answer and bellow [sic] you will find the link to our program. Run the application on your computer, and it will secretly begin to attack government agencies of the states that have adopted those sanctions.”

Bitdefender explained that the message also included a link; clicking it downloaded Kelihos, which is how the hackers were able to take control of the victim’s computer.

Always under threat?

Security keeps improving, but there will always be people able to crack even the toughest and most secure locks. Much has been done to improve the way cryptocurrency fans store their digital currency, and yet the threat of malware aimed at Bitcoin will most likely grow in step with digital currencies’ increasing popularity.

Attempts to steal digital currencies such as Bitcoin grow by the day. Kaspersky Labs notes that 22% of all finance-related malware attacks targeted Bitcoin. Malware comes in the most convincing disguises and has managed to fool millions. The problem has attracted plenty of attention from regulators and government officials, and it often serves as the basis for investor and consumer warnings about digital currency.

Agencies like the Securities and Exchange Commission and the US Consumer Financial Protection Bureau have already warned against using cryptocurrencies, and the malware problem is apparently the key reason given for people to be wary of them.

Rather than relying on cryptocurrency ‘regulation’ by a centralized authority that probably knows less about Bitcoin than your average Bitcoiner, we at Cointelegraph have put together a list of the cyber threats our readers may encounter, so they can avoid the most common pitfalls when dealing with digital currencies.

Bitcoin Scams 101

Fraud – a scammer claims to sell digital or physical goods, or airline miles, but asks users to pay upfront. You send the bitcoins and the goods never arrive; scammers may also use fake passports as identification. Because Bitcoin behaves like hard cash, a transaction cannot be recovered once sent.

Pyramid schemes – the operators claim to pay “interest” on bitcoin deposits, supposedly generated by various means, such as lending the deposited coins to other users of their site. In reality, rather than paying interest, the website’s operator pays existing depositors with the new funds coming in.

Cloud hashing Ponzi – alleged mining groups sell mining capacity in fractions; your initial investment will eventually be lost when they claim the hashing difficulty has increased.

Pre-order scams – some manufacturers ask users to place an order (e.g. for mining equipment) and pay in advance; they accept Bitcoin payments but do not refund bitcoins if the price goes up, and they may even declare bankruptcy to get out of their obligations.

The pump & dump – there are numerous digital currencies available, and many are created with the sole intention of getting rich quick (the developer, that is). People hear about the new coin, it is hyped on crypto forums to drive up its value, and then the holdings are liquidated.

Phishing attempts – fake emails that claim to come from well-known Bitcoin companies. Users are urged to click a link that leads to a fake website, where they are prompted to enter the login details of the real site. If there is no 2-factor authentication set up on your account, it will probably be empty the next time you look.

Gambling sites – since there is no way to ban Bitcoin universally, it is ideal for gambling. Nonetheless, as with any online gambling platform, there is always the possibility that the site is fake, with back doors that let insiders see your cards and private information.

IPO/premine – an initial public offering lets investors buy shares in a company in the hope that their value will one day increase. Some of these companies are nothing more than mirages, however, so just as in the tricky world of OTC stock markets, users are advised to do their research before investing. This usually involves premining, which means the developers set some coins aside for themselves before the public was able to download the client and mine their own coins. When the coins increase in value, the developers can end up being the biggest holders.
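The phishing entry above describes a link that appears to come from a known Bitcoin service but leads to a fake login page. The Python below is an added example, not code from this article, from Bitdefender or from any mail product; it shows the checks a mail filter or a cautious user can run over the links in such a message: a visible URL whose domain differs from the real destination, a hostname that borrows a trusted brand name without being the trusted domain, and a genuine login domain reached over plain HTTP. The trusted domains, the sample message and every hostname in it are constructed for the example.

```python
"""Screen the links in an e-mail body for Bitcoin-service phishing.
Added example: the trusted domains and the sample message are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allow-list: services the recipient actually holds accounts with.
TRUSTED_DOMAINS = ("wallet.example", "exchange.example")

# Visible anchor text that itself looks like a URL or bare domain.
_URL_LIKE = re.compile(r"(?:\w+://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.IGNORECASE)


def registered_domain(hostname: str) -> str:
    """Approximate the registrable domain as the last two labels.
    Adequate for .example/.com; a production filter would use the Public Suffix List."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def classify_link(href: str, text: str) -> list:
    """Return the reasons a link looks like phishing; an empty list means no flag."""
    reasons = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()
    if not host:
        return ["href has no hostname"]
    target = registered_domain(host)

    # 1. The visible text looks like a URL but names a different site than the href.
    text_host = ""
    if _URL_LIKE.fullmatch(text):
        as_url = text if "://" in text else "http://" + text
        text_host = (urlparse(as_url).hostname or "").lower()
    if text_host and registered_domain(text_host) != target:
        reasons.append(f"text shows {text_host} but link goes to {host}")

    # 2. Look-alike host: carries a trusted brand name but is not the trusted domain.
    if target not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if trusted.split(".")[0] in host:
                reasons.append(f"{host} imitates {trusted}")
                break

    # 3. A genuine login page should never be reached over plain HTTP.
    if target in TRUSTED_DOMAINS and parsed.scheme != "https":
        reasons.append("trusted domain reached over plain HTTP")
    return reasons


def scan_email(html_body: str) -> dict:
    """Map each href in the message to its list of warnings."""
    collector = _AnchorCollector()
    collector.feed(html_body)
    return {href: classify_link(href, text) for href, text in collector.anchors}


# Constructed sample: two impostor links and one genuine one.
SAMPLE_EMAIL = """
<p>Your wallet.example account has been suspended.</p>
<a href="http://wallet-example.login-verify.test/auth">https://wallet.example/login</a>
<a href="https://secure-wallet.example.attacker.test/">Verify now</a>
<a href="https://wallet.example/security">Security settings</a>
"""

if __name__ == "__main__":
    for link, warnings in scan_email(SAMPLE_EMAIL).items():
        print(link, "->", warnings or "ok")
```

The brand-name check is deliberately loose (any hostname containing the first label of a trusted domain is flagged), because impostor hosts usually put the brand somewhere in a long hostname under an unrelated registered domain; the cost is the occasional false positive on an unrelated site, which is the right trade-off for a credential page. None of this replaces the 2-factor authentication the article recommends; it only reduces how often the login details are handed over in the first place.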
