Less than 10 hours ago, someone posted on reddit’s r/bitcoin a link to download CryptocoinTrader (also known as “Cryptocoin Trader” with a space), an application that claims to be an open source “all in one BTC/LTC/NVC/USD/EUR/RUR/TRC/PPC/XPM/NMC [trader] for MtGox, Bitstamp, Btc-e and Cryptsy with detailed realtime information and customizable trading options.” Sounds useful, but in reality the precompiled .exe contains malware.
Reddit user strongleaf discovered that “The program extracts qtbitcoin trader client and some suspicious executables (bridgemigplugin.exe, vbc.exe).” bridgemigplugin.exe is a process used by Open Broadcaster Software, which records and live-streams a user’s computer screen. Here’s what the creator of Open Broadcaster Software had to say:
“This is Jim here. I wrote OBS, and R1CH pointed me to this thread.
I am really pissed off that someone did this with my software.
I can’t help but feel the need to defend my program and myself here, my software is open source, so people can modify the code as they please. I never intended it to be used in this way. Whoever did this is a serious asshole. I worked my ass off for this application over the past year and a half. So I just want to be clear before anyone throws any accusations at me or others on my dev team, I did not even let anyone give me any donations for the entire first year it was available. I now have at least a million and a half users, and people already donate to my team and I because of my program. If at any time I really need money (which I don’t, I have contract work thanks to my success with OBS), I would just start charging 2-3 dollars for a version with more features, or do some sort of donation voting for feature thing like synergy does, and that would be that. (People have over and over again told me I’m crazy for not)
I’m really pissed off that someone reprogrammed it to do something like this. I’m really sorry about this.
I couldn’t help but say this just in case some sort of drama started happening. This application is seriously my life right now. It’s the one big accomplishment I have in my life, it’s made my dad proud of me, the one person in the world who means the most to me, and I don’t want to see it tarnished because some asshole in Russia is scamming people using my publicly available source code.”
Furthermore, the malware connects to 18.104.22.168, an IP address associated with Russian ISP Longbow Electric LLC.
As reddit user justcallmerod correctly states, “WOW. They can fucking own your screen while you use your PC.” The original SourceForge link for CryptocoinTrader indicates that the malware has already been downloaded 94 times. If you’re one of the people who have installed CryptocoinTrader, the safest thing would be to move all wallets off of your computer, change passwords to recently accessed websites (using a different computer), and finally reformat the hard drive.
If this sounds all too familiar, that’s because it is. Just recently it was reported that Mac malware called CoinThief steals Bitcoins from unsuspecting users. It pretends to be a legitimate application with clean source code, but the actual precompiled binary contains the trojan. CoinThief does not seem to be related to CryptocoinTrader (it runs on different platforms, after all), but it’s interesting that several Bitcoin-related trojans are popping up around the same time.