Users of 'Btc-e' cryptocurrency exchange reporting spike in email phishing attempts
Bitcoin exchange 'Btc-e' was previously targeted by hackers in 2014iStock
Users of a popular cryptocurrency exchange called Btc-e are reporting a significant spike in email phishing attempts, a potential harbinger of a fresh spam or malware campaign being launched in an attempt to defraud the bitcoin community. The reports emerged this week (2 May) on the bitcoin sections of Reddit and Twitter, with many recipients posting images of the spam that appears to currently be in circulation.
The attacker is luring victims by asking them to "review attached Btc-e codes" and claiming they only have a matter of hours to redeem them. The emails contain a password and a Microsoft Word document. Sender names vary, with some to date including Pierce Cynthia and Parsons Dillon. One Reddit user wrote: "In the word document it claims to be an encrypted document (really just an image). To decrypt it you have to enter the code from the email. Once you do that it downloads a program that encrypts your whole computer."
Another claimed: "I got the same thing. Seems like btc-e.com has had a breach of their account details. [The attacker] had my email and username, passwords may have been taken too but likely hashed so it may be worth changing your password just to be on the safe side." According to one Twitter user with name "GasGeverij" – a self-described penetration tester – the slew of fraudulent emails may be part of a "well-organised spam campaign leveraging [the] new Office vulnerability bypassing Gmail and Yahoo filters". This is in reference to recent reports from cybersecurity firms McAfee and FireEye, which discovered a bug in Word that hackers could exploit by using attached documents to spread malware and exploit kits. Before a patch was released it put "millions of users" at risk.
Alan Zibluk – Markethive Founding Member