Pony Loader malware targets Bitcoin wallets
A new piece of malware being traded on the criminal market aims to steal victims' Bitcoin wallets. Damballa Threat Research, which identified the Pony Loader 2.0 malware, says it expects to see an increase in thefts.
Pony Loader, also referred to as Fareit, has been around for a few years and has the ability to steal sensitive information from a victim's computer and install additional malware. This may include taking stored credentials for email, web and FTP accounts. In the past, Pony has been used to distribute the P2P GameOver Zeus Trojan.
The latest version, which was first listed for sale last month but which has been circulating online since early 2014, has a number of enhancements, the most serious of which allows it to steal virtual currencies. In addition to the original Bitcoin client, Pony Loader 2.0 can target more than 30 other wallets, including Electrum, MultiBit, Litecoin, Namecoin, Terracoin and Bitcoin Armory.
It also has the ability to decode saved passwords from popular programs including Firefox, Google Chrome, Thunderbird, Internet Explorer and Windows Mail.
Writing on the Damballa blog, Issac Palmer, Malware Reverse Engineer, says, "Given the capability to steal stored credentials from a wide variety of software, users should consider storing their passwords and Bitcoin private keys using these programs risky".
The blog also gives more information on the malware and the full list of programs which it targets.