MSIL / PSW.LiteCoin.A steals funds in the Litecoin system

Today we want to talk about the newly discovered Trojan program, which is focused on the theft of funds in the system of "digital currency» Litecoin . Litecoin is an analogue of the well-known Bitcoin system with some internal changes, you can learn more about it here . In fact, there are already a sufficient number of malicious programs, the purpose of which is user tools in the Bitcoin system. One of the latest members of this malware family is Skynet, detected by ESET as Win32 / Scoinet . A key feature of Scoinet is its use of the capabilities of the Tor anonymity service when building a botnet infrastructure, which prevents them from syncking with it. In addition, the malicious code Scoinet uses the capabilities of another well-known Zeus banking trojan to collect user account data, as well as the free CGMiner software for mining “ BitCoins ”.



Our LiveGrid telemetry system shows that the Skynet botnet is still very active, except for this we observed DDoS attacks emanating from this botnet. Statistics show that by the end of March the activity of the botnet has returned. It is possible that this is somehow related to the wave of DDoS attacks that followed in April. Interestingly, Win32 / Scoinet activity was also noticed in Holland.
')

Fig. Win32 / Scoinet.A activity timeline.


Fig. Win32 / Scoinet.A distribution geography.

More recently, we discovered a new Trojan program that is trying to steal virtual money in the form of an alternative digital currency called Litecoin. ESET detects this malicious code as MSIL / PSW.LiteCoin.A . In fact, his only possibility is that he sends the wallet.dat file to the malicious user's FTP server. The malicious code itself is written in C #.



According to LiveGrid, Win32 / PSW.LiteCoin.A is not widely available at this time. At the same time, attacks against Litecoin may be required by attackers in the future.