Bitcoin Malware Used to Exploit the Russia-Ukraine Crisis

A group of hackers tried to exploit the current conflict between Ukraine and Russia by distributing malware aimed at Bitcoin wallets. Bitdefender Labs, a cyber-security company with a keen interest in the digital currency market, issued a report in which it highlighted how the alleged hackers disguised one type of malware as another.


Apparently, the perpetrators distributed software that they claimed was capable of disrupting the digital activities of the Western governments acting against Russia.

In fact, the program secretly installed Kelihos, a malware package which was first identified 5 years ago. Kelihos can steal the contents of a Bitcoin user’s wallet, and it has numerous other harmful effects, too. The group’s most recent attack was aimed at Ukrainian Internet users, and it looks like 40% of those users were already impacted. Doina Cosovan, an analyst at Bitdefender, notes:

“Some of the IPs might indicate the origin of servers specialized in malware distribution or other infected computers that became part of the Kelihos botnet. As most of the infected IPs are from Ukraine, this either means that computers in the country were also infected, or that Ukraine itself is home to the main distribution servers.”

Leaving aside the Bitcoin theft, Kelihos can also enlist a host computer in a worldwide botnet, allowing hackers to use that device to send out spam, scan data and continue to spread malicious software.

A fake nationalist initiative

The Bitdefender report mentioned that the hackers attempted to pass off the “software” as a means for affected users to generate turmoil for the Russian government. Apparently, the message that came with the malware claimed the hackers’ location was inside Russia.

“We, a group of hackers from the Russian Federation, are worried about the unreasonable sanctions that Western states imposed against our country. We have coded our answer and bellow [sic] you will find the link to our program. Run the application on your computer, and it will secretly begin to attack government agencies of the states that have adopted those sanctions.”

Bitdefender explained that the message also included a link; clicking on that link downloads Kelihos, and this is how the hackers were able to take control of a person’s computer.

Always under threat?

Despite the security improvements, there will always be people who can crack even the toughest and most secure alarm systems. Many upgrades have been made to the way cryptocurrency fans store their digital currency. And yet, the threat of malware attacks aimed at Bitcoin will most likely ramp up in parallel with digital currencies’ increasing popularity.

With every day that goes by, the attempts to steal digital currency like Bitcoin are expanding. Kaspersky Labs notes that 22% of all malware attacks linked to finances targeted Bitcoin. Malware attempts come in the most convincing disguises, and they’ve managed to fool millions. This malware issue has attracted lots of attention from regulators and government officials, and it often serves as the basis for investor and consumer warnings on the subject of digital currency.

Agencies like the Securities and Exchange Commission and the US Consumer Financial Protection Bureau have already warned against using cryptocurrencies, and the malware problem is apparently the key reason for people to be wary of them.

Instead of cryptocurrency ‘regulation’ by a centralized authority, which probably knows less about Bitcoin than your average Bitcoiner, we at Cointelegraph decided to present our readers with a list of possible cyber threats that they could encounter, to help them avoid falling for the most common pitfalls when dealing with digital currencies.

Bitcoin Scams 101

Fraud – a s