Bitcoin mining malware spreading on Skype, researcher says
A new Skype spam campaign directs users to malware that uses the computer's CPU to mine Bitcoins, according Kaspersky Lab researchers
Security researchers from Kaspersky Lab have identified a spam message campaign on Skype that spreads a piece of malware with Bitcoin mining capabilities.
Bitcoin (BTC) is a decentralized digital currency that has seen a surge in popularity since the beginning of the year and is currently trading at over US$130 per unit making it an attractive investment for legitimate currency traders, but also cybercriminals.
BTCs are generated according to a special algorithm on computers using their CPU and GPU resources. This operation is called Bitcoin mining and is usually performed by users who operate multi-GPU computer rigs. However, mining efforts can also be pooled for better results.
Cybercriminals have figured out that distributed Bitcoin mining is a perfect task for botnets and have started developing malware that can abuse the CPUs and GPUs of infected computers to generate Bitcoins.
A new spam campaign spotted Thursday on Skype tricks users into visiting a rogue bit.ly URL by using messages like "this is my favorite picture of you" as bait, Dmitry Bestuzhev, a malware researcher at Kaspersky Lab, said in a blog post.
Visiting the rogue URL prompts users to download a file called skype-img-04_04-2013.exe that's a malware installer with a low antivirus detection rate, he said.
According to Bestuzhev, the average click rate for the rogue URL is high, at over 2,000 clicks per hour. "Most of potential victims live in Italy then Russia, Poland, Costa Rica, Spain, Germany, Ukraine and others," he said.
The malware dropper connects to a command and control server in Germany and downloads additional pieces of malware. The malware does many things, but the most interesting one is to run a bitcoin mining application on the machine, the researcher said.
Users affected by this malware will experience abnormally high CPU usage on their computers as a result of the infection. "The campaign is quite active," Bestuzhev said. "If you see your machine is working hard, using all available CPU resources, you may be infected."