A digital security company announced it has discovered a new malware aimed at Bitcoin wallets and distributed by a group of hackers that is trying to make the most of the current conflict between Ukraine and Russia.
Bitdefender Labs, a firm with public interest in the digital currency market, recently published a report where it analyzes the threat. According to the document, the malware, called Kelihos, was firstly identified four years ago and is now being distributed by the hackers through special software programs.
To attract downloads, the hackers claim the software is capable of unsettling the digital activities of the western governments combating against the Russian territory, CoinTelegraph reports. The message that comes with the hidden malware can be read below:
We, a group of hackers from the Russian Federation, are worried about the unreasonable sanctions that Western states imposed against our country. We have coded our answer and bellow [sic] you will find the link to our program. Run the application on your computer, and it will secretly begin to attack government agencies of the states that have adopted those sanctions.
However, what the software really does is hiding the malware, which will then steal the content of a Bitcoin user’s wallet, among other negative effects. Kelihos is also able to connect the infected computer to a worldwide botnet, giving the hackers access to the device and send out spam or scan data, thus continuing to spread malicious software.
According to Wikipedia, “the Kelihos botnet is a so-called peer-to-peer botnet, where individual botnet nodes are capable of acting as command-and-control servers for the entire botnet. In traditional non-peer-to-peer botnets, all the nodes receive their instructions and ‘work’ from a limited set of servers – if these servers are removed or taken down, the botnet will no longer receive instructions and will therefore effectively shut down. Peer-to-peer botnets seek to mitigate that risk by allowing every peer to send instructions to the entire botnet, thus making it more difficult to shut it down”.
Bitdefender Labs reported that the most recent attack perpetrated by the hackers was aimed at Ukrainian users, impacting a large number of victims.
Doina Cosovan, analyst for Bitdefender, said that “some of the IPs might indicate the origin of servers specialized in malware distribution or other infected computers that became part of the Kelihos botnet. As most of the infected IPs are from Ukraine, this either means that computers in the country were also infected, or that Ukraine itself is home to the main distribution servers”.