Bitcoin market price app, 'Bitcoin Alarm,' is carefully cloaked malware

The application contains a remote access Trojan, Arbor Networks said

Bitcoin Alarm, an application that sends bitcoin market price alerts, contains suspicious functions that may be used to steal the virtual currency, according to Arbor Networks.

Bitcoin Alarm, an application that sends bitcoin market price alerts, contains suspicious functions that may be used to steal the virtual currency, according to Arbor Networks.

If you get a spam message advertising an application called "Bitcoin Alarm," the name may tell you all you need to know.

The desktop Windows application sends price alerts by SMS to a mobile phone. But closer examination of its code turned up several suspicious traits that indicate it may try to steal the virtual currency, wrote Kenny MacDermid, a research analyst with security company Arbor Networks.

Bitcoin's skyrocketing value this year has drawn wide interest from investors as well as from cybercriminals. Bitcoins are secured by public key cryptography, and if the private key for a bitcoin is obtained, the virtual currency can be stolen in a flash.

MacDermid received three spam messages in one day promoting Bitcoin Alarm.

"I ignored it the first two times, but they must have really wanted me to look at it, so who am I not to oblige?" he wrote.

Tucked inside Bitcoin Alarm is a script that checks whether security software from Avast is running. If so, it stays quiet for 20 seconds. "It's a pretty solid chance that if software is checking for an antivirus engine, that it's up to no good," MacDermid wrote.

An encrypted file inside Bitcoin Alarm turned out to be a remote-access Trojan called NetWiredRC, which can be used to steal login credentials and, in this case, bitcoins, he wrote.

MacDermid submitted Bitcoin Alarm to VirusTotal, an online service that runs suspicious software programs through more than four dozen antivirus suites. On the first pass, only Kaspersky Lab's product detected Bitcoin Alarm, although more antivirus suites are picking it up now, MacDermid wrote.

"This free utility is nothing more than malware with very low detection rate being spammed to anyone that might have a bitcoin sitting around," he wrote.

A website for Bitcoin Alarm was created on Nov. 19, according to data from Domain Tools. A YouTube video showing how to install the application was uploaded there two weeks ago. The demonstration video uses a Windows computer set for German.

Efforts to reach Bitcoin Alarm via an email address on its website were not immediately successful.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags arbor networksInternet-based applications and servicessecurityinternetmalware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?