A new piece of malware propagating across Skype has been discovered that tries to convince the recipient to click on a link. What makes this particular threat different is that it drops a Bitcoin miner application to make the malware author money.
Security firm Kaspersky discovered the threat, which it names Trojan.Win32.Jorik.IRCbot.xkt, on Thursday night. At the time, most of the potential victims were from Italy, Russia, Poland, Costa Rica, Spain, Germany, and Ukraine, with the average click rate hitting 2,000 clicks per hour.
The initial trojan is downloaded from a server located in India, and many anti-malware programs, as measured by VirusTotal, don’t detect it. Once the machine is infected, the trojan drops multiple other pieces of malware, using Hotfile to grab the bits and also connecting to a server located in Germany for further instructions.
For those who don’t know, Bitcoin is a decentralized digital currency, currently the most popular alternative to common forms of money. Because it has no central issuer, it has no single authority and thus no way to lock certain users (or countries) out of the network. It can be used to pay for certain transactions both offline and online.
Bitcoin mining nodes are responsible for managing the Bitcoin network; Bitcoins are awarded to nodes known as miners for the solution to a difficult proof-of-work problem. The point of Bitcoin-mining malware is to use a computer’s resources to mine Bitcoins without the user’s knowledge. The cybercriminals then use these Bitcoins to generate a profit, while the victims’ computers slow down (sometimes to the point of becoming unstable and unusable).
In this case, the trojan maxes out the computer’s CPU.
To avoid this threat and others like it, don’t click on random links you receive on Skype. You’ll be doing yourself a favor, helping stop the spread of malware, and ensuring criminals get a smaller payday.