November 25, 2013, 11:51 PM — A new malicious software program, advertised for sale on underground forums, claims to mine and steal bitcoins, according to a Danish security company.
The Atrax malware is notable for its low US$250 price and use of TOR, short for The Onion Router, a privacy network that makes it difficult to track communications, wrote Jonas Monsted of CSIS in a blog post.
After seeing it advertised on Web forums, CSIS is looking for an active sample of Atrax to get a fuller understanding of its capabilities, Monsted wrote.
"We are looking at a new crimeware kit with a lot of different functions and plugins," he wrote.
Atrax, which is the name of a class of poisonous spiders found in Australia, falls into a class of "commercial" malware, created by coders and sold to other cybercriminals. Monsted wrote that Atrax comes with free updates, supports and bug fixes.
For an extra $110, Atrax's creators are offering a "stealer" plugin, which is capable of stealing bitcoin wallet files, which are small data files containing bitcoins.
Bitcoin software clients vary, and some wallet files require a password. But it appears Atrax would likely be capable of acquiring that password as well.
Atrax also has a virtual currency mining plugin, which costs $140. The plugin uses a victim's computer to mine for both bitcoin and litecoins, a spinoff virtual currency modeled on bitcoin.
Atrax communicates with its controllers using TOR, which encrypts outgoing information. Encryption masks information leaving a computer, making it unintelligible unless decrypted. Atrax's large file size, 1.2 MB, is apparently due to its TOR integration.
For $300, Atrax can include an HTTP POST form grabber, which will capture information entered on websites such as PayPal, Amazon, eBay and Bitcoin exchanges including Bitcoin.de and Mt. Gox.
Send news tips and comments to email@example.com. Follow me on Twitter: @jeremy_kirk