NEW YORK (InsideBitcoins) — Bitcoin security risks may be falling. The security firm Kaspersky Lab has determined that there was a 7% drop in all financial malware attacks targeted toward bitcoin in the second quarter, compared to the an analysis completed at the end of 2013. Still, 22% of all financial malware attacks target bitcoin.
According to Kaspersky Lab’s research, 14% of malware attacks targeted bitcoin mining software. This is up from 8.91% from last year. However, the other 8% were aimed at bitcoin wallets, a decline of more than 20%. Some 4% were attributed to keyloggers, the act of recording keystrokes on a computer.
Stealing a wallet relies upon malware identifying a user’s wallet file on their computer, accessing it, and then transferring the funds from one wallet to another. Should these files be encrypted with strong passwords, the malware is less likely to be able to brute-force its way into the file and gain access to a user’s bitcoin.
Bitcoin users are getting wiser
“For a few years, bitcoin wallets from the Bitcoin Core client were not encrypted. Once encryption became a feature of the client, you would also need to figure out the person’s password in order to steal the money,” Peter Piasecki, a bitcoin security expert and chief scientist at Vancouver-based research firm Provable Inc., told Inside Bitcoins. “I am guessing that also desktop clients might’ve fallen out of favor with casual bitcoin users that might’ve been the most vulnerable target for wallet stealing malware.”
Piasecki says that bitcoin users are getting wiser about protecting their digital coin assets.
“A lot of people with a lot of coins have also gotten smarter about storing their money – putting it on a TrueCrypt archive, using multisignature addresses, or using BIP-38 encrypted wallets (brute forcing those is a lot harder),” he said. Brute forcing means that a hacker tries thousands of passwords in rapid fire, trying to find the right one.
Malware targeting mining
Malware targeting bitcoin mining is meant to use other people’s computer power to mine for another user. Mining in bitcoin requires a computer to complete a hash which is a mathematical formula. The more computer power a user has to complete these formulas, the more bitcoin they mine.
[See also: What is Bitcoin Mining?]
According to the IT security firm, Trend Micro, bitcoin-mining malware arrives via download or social media. These files are transferred in unknown downloads when a user is visiting a site. Many popups on illegitimate sites promising “clean computers,” and other offers could be delivering this type of malware.
Another method that Trend Micro revealed was via social media where a user unknowingly downloads one bit of malware which would then prompt the download of the mining software. With so many people retweeting and sharing statuses on Twitter and Facebook, such attacks are becoming more prevalent.
In April, a Bitcoin-mining malware, dubbed BadLepricon, was found on Google Play. Users would download a wallpaper app to their Android device and the app would actually turn the phone into a mining device.
The use of Bitcoin-mining malware has risen from 8.91% to 14% since Kaspersky Lab’s 2013 report.
“As for mining — with the advent of Litecoin and Bitcoin ASICs, a lot of altcoins started altering themselves to be ‘ASIC-resistant,’ meaning that the most efficient hardware for mining them would be a desktop computer. This meant that botnets would be the most efficient way of mining them,” Piasecki explained.
For now, though, it is important for users to scan their computers. Services like McAfee and Trend Micro can account for many different types of malware. Unfortunately, there are close to 150 different types of malware related to Bitcoin, so it will likely remain a continuing battle.