A new trojan identified as Infostealer.Coinbit is propagating in the wild and targeting Bitcoin digital wallets installed on computers running Windows, Stephen Doherty, security response engineer at Symantec, wrote in a blog post Thursday. The malware attempts to locate a user's Bitcoin digital wallet and email it back to attackers.
“We expect that [similar code] will find a way into other malware considering the amount of attention this sort of attack is currently receiving and with the amount of Bitcoins currently available for purchase,” Doherty said.
Bitcoins are a form of virtual currency created in 2009 that can be transferred anonymously from person to person online, without going through a bank. They are accepted today by some online merchants and can be traded for actual dollars at online currency exchanges, such as Mtgox.com.
Earlier this week, a user with the handle “allinvain” posted on a Bitcoin forum that a hacker had stolen 25,000 Bitcoins, theoretically valued at $500,000 at current exchange rates, from his account. The user speculated that cybercriminals made off with the money after using malware to compromise his Windows machine.
“Needless to say I feel like I have lost faith in Bitcoin,” the user wrote.
Sean Sullivan, security adviser at anti-virus firm F-Secure, said in a blog post Friday that the malware was being distributed via links sent through a Bitcoin forum chat application.
In light of the malware, Bitcoin users should encrypt their digital wallets and use strong passwords to prevent attackers from using brute-force tactics to force their wallets open, Symantec's Doherty said.
Bitcoin has gained attention recently following a Gawker report on the underground drug market known as Silk Road, where Bitcoins are the standard payment method for heroin, cocaine, LSD and other illegal substances.
As a result, attacks targeting Bitcoins are likely to become more prevalent, experts predict.
Researchers at Symantec have warned that compromised computers will likely be used in the future for Bitcoin mining, a way of earning Bitcoins by using a machine's computational power and open-source Bitcoin software to solve cryptographic problems.
The security firm has not identified any botnets being used to mine Bitcoins, but said that with a network of 100,000 compromised computers, an attacker could earn up to the equivalent of $3,000 in Bitcoins in 24 hours.