‘Pony’ Botnet Gallops Off With 2 Million Passwords. In what appears to be a worldwide attack, cybercriminals have successfully stolen 2 million account passwords with a botnet known as “Pony.”
How’d they do it? Using a system of compromised computers, hackers were able to capture login credentials for a variety of accounts from social networking sites such as Facebook, Twitter, and LinkedIn, email providers Google and Yahoo, and payroll provider ADP. The name “Pony” may sound cute, but these professional cyber thieves have made it clear that they aren’t horsing around. The majority of passwords stolen in this well-orchestrated attack were from Facebook with 318,121 (57% of the stolen passwords), followed by Google with 70,532 (13%), Yahoo with 59,549 (11%), and Twitter with 21,708 (4%).
LinkedIn passwords accounted for about 1.5% of all stolen credentials, and ADP about 1.4% of the total. Cybercriminals target social networks not because they want to see your photos and private messages, but because they view them as a means to an end. New Apple Mac Trojan Called OSX/CoinThief Discovered. Malware: OSX/CoinThief.A Date Discovered: February 9th, 2014 Updated: February 13, 2014 Added: Feb 13th 2014: Wednesday evening, Apple updated XProtect to defend against the two known variants of OSX/CoinThief.
SecureMac has more information on how the CoinThief malware is initially installed on infected systems, with steps it takes to disguise its behavior: The malware is taking the place of the main binary in the trojanized versions of Bitcoin Ticker TTM and Litecoin Ticker, and is set up to run as an agent with a setting for LSUIElement in the Info.plist file.
This makes it so the app doesn't appear in the Dock. A copy of the real Bitcoin Ticker TTM/Litecoin Ticker main binary is hidden in the app bundle. At that time, the malware program unpacks and installs its payload (the background process and web browser plugins), then moves the correct app binary for Bitcoin Ticker TTM/Litecoin Ticker back into place, and removes the LSUIElement entry from the app's Info.plist file. Bitcoin Turmoil: Proof of Concept or Fatal Flaw? You know the term trial by fire.
Of course you know the phrase fatal flaw. Now what do these two phrases have to do with bitcoin? Take a look at recent events in the digital money world and decide for yourself. When you see not one, not two, but three bitcoin exchanges throwing up the STOP sign and halting withdrawals -- When you find out that there was a reported $2.7 million theft involving bitcoin you have to wonder what is going on, don't you? Is this some sort of twisted Revenge of the Nerds tale or something else entirely? The storyline so far is starting to look like a tale from the Wild Wild West.
What is going on indeed? How is this possible? This bitcoin bug is euphemistically referred to as "transaction malleability. " What does it mean for bitcoin and the future of digital money? Hold on there. Seriously though, take a minute and at least take a peek at the other side. Perhaps this is your chance. As outlined above, bitcoin has been under attack lately. Pony Botnet Virus Steals $220,000 from 30 Types of Digital Wallets. In what is being called one of the most ambitious cyberattacks affecting virtual currency to date, Chicago-based IT security services provider Trustwave has revealed that a crybercrime ring known as Pony botnet is using a Trojan virus to steal from 30 types of digital currency wallets.
Pony/CoinThief: Apple iOS and OS X Bug the Target? » Cryptocurrency and Bitcoin News, BTC Trading Analysis and Chat. The pony/CoinThief Botnet stole 700,000 online credentials and heisted $220,000 from online cryptocurrency wallets Reports of Apple’s urgent promises to fix a bug that allows intruders to spy on financial, email, and other personal data in OSX have been in the media since last week.
Now researchers have identified the Pony Trojan, which, as coincidence would have it, is known to have spied on financial, email and other personal data via web forms. In the process, Pony heisted more than 700,000 online account credentials, as well as stealing $220,000 from online cryptocoin wallets. notice: please note that the vulnerability does not apply to PC and phone based client wallets but to online wallets. CCN has a link to Trustwave’s Wallet Checker at the bottom of this article. While the exact attack vector is not yet known, it is plausible that the specific target of Pony may have been the same vulnerability currently being patched by Apple.