This article was published on April 5, 2013

New Skype malware spreading at 2,000 clicks per hour makes money by using victims’ machines to mine Bitcoins



A new piece of malware propagating across Skype has been discovered that tries to convince the recipient to click on a link. What makes this particular threat different is that it drops a Bitcoin miner application to make the malware author money.

While malware has spread on Skype and mined Bitcoins before, putting the two together could be an effective new strategy.

Security firm Kaspersky discovered the threat, which it names Trojan.Win32.Jorik.IRCbot.xkt, on Thursday night. At the time, most of the potential victims were from Italy, Russia, Poland, Costa Rica, Spain, Germany, and Ukraine, with the average clicking rate hitting 2,000 clicks per hour.


The initial trojan is downloaded from a server located in India, and many anti-malware programs, as measured by VirusTotal, don’t detect it. Once the machine is infected, the trojan drops multiple other pieces of malware, using Hotfile to grab the bits and also connecting to a server located in Germany for further instructions.

For those who don’t know, Bitcoin is a decentralized digital currency, currently the most popular alternative to common forms of money. Because it has no central issuer, it has no single authority and thus no way to lock certain users (or countries) out of the network. It can be used to pay for certain transactions both offline and online.

Bitcoin mining nodes are responsible for managing the Bitcoin network; Bitcoins are awarded to nodes known as miners for the solution to a difficult proof-of-work problem. The point of Bitcoin-mining malware is to use a computer’s resources to mine Bitcoins without the user’s knowledge. The cybercriminals then use these Bitcoins to generate a profit, while the victims’ computers slow down (sometimes to the point of becoming unstable and unusable).

In this case, the trojan maxes out the computer’s CPU.


To avoid this threat and others like it, don’t click on random links you receive on Skype. You’ll be doing yourself a favor, helping stop the spread of malware, and ensuring criminals get a smaller pay day.

Top Image Credit: Zach Copley
