Empty-handed customers of bankrupt bitcoin exchange Mt. Gox are being targeted in a ploy likely intended to distribute malware.
A spam message with the awkward phrase “Mt. Gox return to customers the bitcoins” in the subject line has been seen circulating, according to a Reddit user.
The bait targets the hundreds of thousands of Mt. Gox customers locked out of their accounts when the company said 750,000 customer bitcoins, plus 100,000 of its own, disappeared, likely due to fraud. The company filed for bankruptcy in Tokyo District Court on Friday, leaving customers in limbo.
The message includes a link to a website that clones the format of The Wall Street Journal, although the domain name doesn’t try to spoof the publication. The Web page shows a video box with a prompt to install Adobe Systems’ Flash Player.
Fake versions of Flash Player have long been used by hackers, who hope victims will install whatever substitute program they’re offering.
“Sites offering a faint ray of hope in the form of ‘Mt. Gox is going to fix it all and please install this file, thanks’ could well add more misery to an already considerable pile,” wrote Chris Boyd, a malware intelligence analyst with Malwarebytes, who took a look at the site. “As always, steer clear.”
Although Malwarebytes hasn’t done a full analysis of the file behind the Flash Player facade, Boyd wrote that a “.rar” file is downloaded.
“The infection rate for this one may end up being quite low, as one would imagine that anybody versed in the art of bitcoins is not likely to bother unzipping a .rar file to extract some random files,” Boyd wrote.