
Malware connected to the Russia-Ukraine conflict empties Bitcoin wallets


A digital security company has announced the discovery of new malware that targets Bitcoin wallets and is being distributed by a group of hackers seeking to exploit the current conflict between Ukraine and Russia.

Bitdefender Labs, a firm with a public interest in the digital currency market, recently published a report analyzing the threat. According to the document, the malware, called Kelihos, was first identified four years ago and is now being distributed by the hackers through special software programs.

To attract downloads, the hackers claim the software is capable of disrupting the digital activities of Western governments taking action against Russia, CoinTelegraph reports. The message that accompanies the hidden malware reads as follows:

We, a group of hackers from the Russian Federation, are worried about the unreasonable sanctions that Western states imposed against our country. We have coded our answer and bellow [sic] you will find the link to our program. Run the application on your computer, and it will secretly begin to attack government agencies of the states that have adopted those sanctions.

However, what the software really does is hide the malware, which then steals the contents of a Bitcoin user’s wallet, among other harmful effects. Kelihos is also able to connect the infected computer to a worldwide botnet, giving the hackers access to the device so they can send out spam or scan data, thus continuing to spread malicious software.

According to Wikipedia, “the Kelihos botnet is a so-called peer-to-peer botnet, where individual botnet nodes are capable of acting as command-and-control servers for the entire botnet. In traditional non-peer-to-peer botnets, all the nodes receive their instructions and ‘work’ from a limited set of servers – if these servers are removed or taken down, the botnet will no longer receive instructions and will therefore effectively shut down. Peer-to-peer botnets seek to mitigate that risk by allowing every peer to send instructions to the entire botnet, thus making it more difficult to shut it down”.

Bitdefender Labs reported that the most recent attack perpetrated by the hackers was aimed at Ukrainian users, impacting a large number of victims.

Doina Cosovan, analyst for Bitdefender, said that “some of the IPs might indicate the origin of servers specialized in malware distribution or other infected computers that became part of the Kelihos botnet. As most of the infected IPs are from Ukraine, this either means that computers in the country were also infected, or that Ukraine itself is home to the main distribution servers”.

Maria is an experienced journalist currently living in the UK. She has been writing about Bitcoin and the altcoin universe since 2013. She is also a member of the Lifeboat Foundation's New Money Systems Board and a big cryptocurrency supporter.

View all Posts by Maria Santos
