Bitcoin enthusiasts beware- email security firm AppRiver has issued warnings about a malicious email circulating posing as an Amazon purchase confirmation. Once opened, it injects malware that pilfers for just about every type of cryptocurrency in existence.
‘Over the past week we have been monitoring (and blocking) a stream of malicious emails attempting to pose as legitimate Amazon purchase confirmations,’ confirmed Troy Gill, AppRiver’s manager of security research. ‘The messages simply state that ‘your order has been confirmed’ and contains a small amount of details. The user being targeted is directed to an attached .doc file for the shipping and tracking details.’
In order for the .doc to actually infect the user’s machine they must have Macro’s enabled for MS Word as the malware contained in the messages is identified as part of the Fareit malware family- a malware often distributed via Word documents with malicious macros embedded that has been known to drop multiple malware variants on the target machine.
In this particular case the malware quickly goes to work attempting to steal the Outlook password along with website passwords from various browsers such as Firefox, IE, Chrome and Opera.
It then attempts to harvest account credentials for a lengthy list of FTP and multiple file storage programs. It then begins pilfering the target machine for your Bitcoin and other crypto cash, including Electrum, Miltibit, FTB Disk, Litecoin, Terracoin, and numerous others.
‘This behaviour (stealing Crypto currency) is something we have been seeing with more frequency as of late,’ said Gill. ‘The anonymous nature and lack of regulation in the cryptocurrency market make it more akin to stealing actual cash than