UPDATED 06:00 EDT / FEBRUARY 15 2018


New TrickBot banking trojan variant is targeting cryptocurrency exchanges

Prolific banking trojan TrickBot has taken on a new challenge: a newly detected variant is targeting cryptocurrency exchanges.

The new version, detected by IBM Corp.’s X-Force security research team, follows the path of previous variants in using web injections to steal the target asset. But where previously the target asset was only credit card transactions, the new variant also targets bitcoin at the point it’s purchased.

“In the normal payment scenario, the user looking to buy coins provides their public Bitcoin wallet address and the amount of bitcoin to purchase,” the researchers explained in a blog post today. “When submitting this initial web-form, the user is redirected from the bitcoin exchange platform to a payment gateway on another domain, which is operated by a payment service provider. There, the user fills in their personal information as well as credit card and billing details and confirms the purchase of coins.”

It’s at this point that TrickBot hijacks the coins, notably attacking both the exchange site and the payment service to do so.

If that’s not bad enough, the new TrickBot variant targets both sides of the transaction: It obtains the victim’s cryptocurrency exchange login credentials, wallet information and credit card information, allowing the attackers to continue to target the victim on multiple fronts.

“This means that even after the initial attack, cybercriminals can empty existing cryptocurrency wallets, make additional exchange purchases as the victim, and use the credit card information for whatever else they desire,” a spokesperson for IBM X-Force told SiliconANGLE.

Interestingly, the attack appears to be focused on one particular exchange, unnamed by the researchers but said to allow for the purchase of bitcoin and Bitcoin Cash by credit card. Coinbase Inc. was previously targeted by the same gang using an earlier credit card-stealing TrickBot variant in August.

In conclusion, the researchers noted that the new TrickBot variant demonstrates the sophistication of the gang behind it. “The scheme required extensive research of the targeted sites, their web logic and the security controls they use,” they said. “It highlights what we already know about this malware gang: it is a group that continues to study new targets and expand its reach.”

The bad news is that they also believe there’s more to come: “As the theft of cryptocurrency becomes increasingly popular among financial malware operators, we expect to see many more campaigns targeting the various platforms and service providers in the cryptocurrency sector.”

Image: IBM X-Force
