A new malicious software program, advertised for sale on underground forums, claims to mine and steal bitcoins, according to a Danish security company.
The Atrax malware is notable for its low $250 price and use of TOR, short for The Onion Router, a privacy network that makes it difficult to track communications, wrote Jonas Monsted of CSIS in a blog post.
After seeing it advertised on Web forums, CSIS is looking for an active sample of Atrax to get a fuller understanding of its capabilities, Monsted wrote.
“We are looking at a new crimeware kit with a lot of different functions and plugins,” he wrote.
Atrax, which is the name of a class of poisonous spiders found in Australia, falls into a class of “commercial” malware, created by coders and sold to other cybercriminals. Monsted wrote that Atrax comes with free updates, supports and bug fixes.
For an extra $110, Atrax’s creators are offering a “stealer” plugin, which is capable of stealing bitcoin wallet files, which are small data files containing bitcoins.
Bitcoin software clients vary, and some wallet files require a password. But it appears Atrax would likely be capable of acquiring that password as well.
Atrax also has a virtual currency mining plugin, which costs $140. The plugin uses a victim’s computer to mine for both bitcoin and litecoins, a spinoff virtual currency modeled on bitcoin.
Atrax communicates with its controllers using TOR, which encrypts outgoing information. Encryption masks information leaving a computer, making it unintelligible unless decrypted. Atrax’s large file size, 1.2 MB, is apparently due to its TOR integration.
Another module costing $90 can conduct DDoS (distributed denial-of-service) attacks, including UDP and TCP floods, HTTP-based “slowloris” and RUDY attacks, Monsted wrote.
For $300, Atrax can include an HTTP POST form grabber, which will capture information entered on websites such as PayPal, Amazon, eBay and Bitcoin exchanges including Bitcoin.de and Mt. Gox.