Atrax Bitcoin-Stealing Malware Now on Sale on Underground Forums
Researchers have discovered a new malare kit called Atrax which uses the anonymous Tor network to help cyber-criminals steal bitcoins.
Danish security researchers CSIS discovered the new commercial malware being sold by developers to other cybercriminals on several underground web forums.
The Atrax malware kit costs from just $250 (£155, €185) which ironically has to be paid for in bitcoins.
Atrax is just one of a growing number of what is known as 'commerical malware', created by software developers and sold to cyber-criminals. These criminals can then carrry out sophisticaed cyber-attacks with very limited technical knowledge.
Atrax is unusal in that it uses the Tor protocol to communicate with servers, enabling anonymous online communications through a private network. The Tor network (also known as the deep or dark web) hit the headlines recently when the FBI shut down the online drugs marketplace known as Silk Road, which allowed users to buy and sell drugs anonymously online.
Plugins
Once cyber-criminal but the basic Atrax package they can then pay to download and install separate plugins with different features including the ability to carry out DDoS attacks, mine and steal bitcoins and steal user information from online forms.
"We are looking at a new crimeware kit with a lot of different functions and plugins," writes researcher Jonas Monsted in a blog post. "The kit is designed to both be stealthy using Tor to communicate with [a Command and Control server] but also to be abused to conduct DDoS attacks and systematically stealing data from infected hosts."
According to Monsted, the engineers behind Atrax offer their customers free updates, support and fixes for any bugs in the program.
Bitcoin
A "stealer" plugin costing $110 has the ability to steal bitcoin wallet files and Atrax can even detect the passwords users may have implemented to protect the wallet.
There is also a virtual "Coin Mining" tool that the malware developers have labelled as "experimental" says Monsted, which costs $140 and lets users search a victim's computer for both bitcoins and litecoins, the another crypto-currency which uses the same protocols as bitcoins but are currently worth only a fraction of their better-known counterpart.
Adding the ability to conduct distributed denial-of-service (DDoS) attacks to take down websites costs $90, while a plugin to capture and steal information entered into secure forms on websites like PayPal, eBay, Amazon and bitcoin exchanges such as Bitcoin.de and Mt. Gox costs $300.
This week, Denmark-based bitcoin exchange Bips was attacked and saw 1,295 bitcoins stolen, currently valued at $1.13m. One of Europe's largest bitcoin exchanges, Bips was previously suffered significant DDoS attacks on 15 and 17 November.
© Copyright IBTimes 2024. All rights reserved.