Shares 250 Views

How to Defend Against Keyloggers That Are after Your Bitcoins

Threat to Bitcoin Wallets (BC): How often are computers infected with keylogger malware that can steal bitcoin wallets?

Cyren (C): Malware that steals cryptocurrency wallets has been around since 2012. In 2013 there was a massive spike in this type of malware and it’s hard to say how many infections there have been, but:

We estimate that there are hundreds different types of cryptocurrency malware out there.

They are all after the same thing – the wallet, crypto addresses (Bitcoin address) and the password that protects the wallet. But the difference is how they do it and on what platform.

Common Ways to Get Infected

BC: How many different ways are there to get infected?

C: There are several ways to get infected.

The most common one would be from an email with attachment. The attachment can be in many different forms, for example an office document, pdf, JavaScript, or just an executable. Usually the email is a fake invoice from banks or delivery companies or something similar.

We then have the classic USB stick delivery method where the malware author drops USB sticks with the malware across the city or near an office building that he is targeting. When a victim picks it up to check what’s on the drive he gets infected by an auto run script on the USB stick.

Drive-by-downloads are also popular where the victim may accidentally visit a malicious web page that automatically downloads the malware. Malicious links or attachments via social media are also very popular these days.

Mobile Operating System

BC: Is the mobile operating system safer than a desktop PC?

C: The mobile operating system should be safer if the user sticks to the Google play store/iOS app store and is not installing apps from unknown sources.

There was a malware on android that exploited a bug in the android system to steal information from bitcoin wallets in 2013, but that has been fixed since then.

The most common mobile malware regarding cryptocurrency was to have a legitimate looking app, for example a flashlight app that was mining cryptocurrency in the background without the user knowing.

Android and iOS are pretty strict on the keylogging so it’s easier to exploit the desktop PC.

How to Check for Keyloggers

BC: How can we check if we are being keylogged?

C: For Windows users: Check which processes are running, using, for example, Task Manager, and look for something out of the ordinary.

Examining the outgoing network traffic from the PC is also effective. Look for strange outgoing connections.

Preventing Infection

BC: How do we prevent being infected with keylogger malware?

C: Obviously do not open strange attachments or click links from emails that you are unsure about. Always check who’s the sender by checking the email address, and if you are not expecting this document or attachment to be sent to you, then make sure you have someone with the proper knowledge to check it before exploring it further. Evidently, relying on users to police their email is a strategy which will have at best limited success.

Standard advice is also always to have anti-virus software on your PC which is up to date, but it’s known that traditional antivirus software recognizes less than half of malware attacks.  

Moreover, there can be quite a bit of latency from the time an endpoint anti-virus provider detects something to the time any black list is updated. So relying on user behavior and local anti-virus software is problematic. A better strategy is to use a first-rate secure email gateway which will detect and block delivery of the attachment in the first place. Also use a secure web gateway for internet traffic which inspects outbound connections, preventing the transmission of the data captured, even if infection happens. Make sure to install the latest operating system updates.

Removing Keyloggers

BC: What is the best way to get rid of keylogger malware?

C: First of all, scan the computer with an Anti-virus program that is up to date and see if it is able to remove the keylogger.

Open the task manager or activity monitor, depending on the operating system, and make sure every process that is running is safe and not malicious. If you find a process that is a keylogger, then make sure you remove it from the folder it starts up in, the registry, and any other places that it might be in. Search for the process name on the internet and if it’s a common one you will be able to find instructions on how to remove is.

After removing the keylogger it is good to reboot the system and monitor the process to see that it is not starting up and that it has been completely removed from the system.

Have any of your devices have been infected by keylogger malware? Let us know in the comments section below.

Images courtesy of Shutterstock, Cyren, Android, Apple, and Microsoft


You may be interested

shares6 views

Bets Against Bitcoin’s Price Are Nearing Record Highs

Brian Evans - Aug 21, 2018

BTC/USD shorts on Bitfinex are nearing record highs, leaving many to wonder if a short squeeze will occur like it did when the prior mark was set.

shares10 views

Major Players Use Blockchain to Streamline Agribusiness’ Creaking Supply Chain

Brian Evans - Aug 21, 2018

Let’s see why China and Australia are really into blockchain in the agriculture

shares18 views

Apple Co-Founder Steve Wozniak Flip-Flops on Blockchain, Joins Crypto Startup

Brian Evans - Aug 21, 2018

Apple co-founder Steve Wozniak discussed his involvement in a new crypto startup company and his interest in blockchain in general in a NullTx interview earlier this week.…

Most from this category

%d bloggers like this: