A trojan named “Pony” has been blamed for stealing more than $220,000 worth of cryptocurrencies from users’ online wallets. Many of those users may still be unaware of their loss.
Please note that a client wallet hosted on your PC or phone is not affected by this security alert.
The trojan Pony, which operated as an advanced botnet between September 2013 and mid-January 2014, stole approximately 700,000 online credentials and successfully compromised 85 online wallets containing a range of cryptocoins – including Bitcoin.
At the time of writing, Trustwave’s SpiderLabs has found evidence of the following amounts being transferred out of online wallets by the trojan:
~ 355 BitCoins
~ 280 LiteCoins
~ 33 PrimeCoins
~ 46 FeatherCoin
Other cryptocurrency wallets believed to have been vulnerable to Pony theft are:
Since cryptocurrency addresses and wallets are anonymous, there is no way to contact the owners of affected wallets. Hence, Trustwave have created a webpage where you can enter your wallet’s public key to check whether it is in the list of compromised accounts: Trustwave Account Checker
Note to readers: Your public key is, by definition, public and revealing it does not compromise your wallet security. However, take care to NOT enter any private keys!
Pony was first identified in December by McAfee, for using keystroke logging to steal “approximately 2 million passwords” from popular social media sites:
Using a system of compromised computers, hackers were able to capture login credentials for a variety of accounts from social networking sites such as Facebook, Twitter, and LinkedIn, email providers Google and Yahoo, and payroll provider ADP.
The number of credentials quoted by McAfee is far greater than the figure of 700,000 now declared by Trustwave, who have also determined that the operators of the botnet ceased all activity in mid-January:
Last modified (UTC): April 24, 2014 16:08