New trojan hijacks your PC for Bitcoin mining

A new trojan has appeared on Skype that takes over your PC and turns it into a remote processor for generating Bitcoins.

Michelle Starr Science editor


Bitcoin is a strange beast. The open source virtual currency is not considered a real currency by the US Government — but all a currency really needs to gain traction is belief in its value. Thus, Bitcoin has taken off, rapidly skyrocketing in the last couple of months to the point where it's now at an exchange rate of US$165 (at time of writing).

To put that in perspective, in May 2010 a US$25 pizza was worth around 10,000 Bitcoins.

How do you get Bitcoins, though? In very simple terms, the process is called "mining", and it allows the user to allocate their computer's resources to the Bitcoin server, increasing the server's security and processing power. In return, the user can generate Bitcoins. What the computer is actually doing is solving complex mathematical problems — and as you might imagine, this can use up a fair amount of your CPU. It also takes a long time; one home computer working alone could generate maybe one or two Bitcoins a month.

The best way to get a lot of Bitcoins, then, is to have a lot of computers working on the problems — and that's what a new trojan is designed to achieve. Discovered by Kaspersky Lab over the weekend, the new trojan hijacks the user's computer to mine Bitcoins, with the results lining the virtual pockets of whoever created it — probably lured by the Bitcoin's high exchange rate.

The malware spread via a Skype message reading "This is my favourite picture of you" and including a bit.ly link. When the user clicks on the link, the computer automatically starts downloading a file called "skype-img-04_04-2013.exe". This is the trojan. The message might seem a little obvious to us, and you should never, ever install a strange exe, but it's still working.
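A detection sketch for the delivery chain described above, as an added example that is not from the original article or from Kaspersky: it scores web-proxy downloads that are executables, carry an image-like name, and were reached through a link shortener. The log format, host names, shortener list and function names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed shortener list; extend it for your environment.
SHORTENERS = {"bit.ly", "goo.gl", "t.co", "tinyurl.com"}
# Windows executable extensions worth flagging.
EXEC_EXT = (".exe", ".scr", ".pif")
# Substrings that make a file name pose as a picture.
IMAGE_HINT = re.compile(r"(img|image|photo|pic|jpe?g|png)", re.I)

def score_download(url, referrer):
    """Return the reasons a download resembles the lure in the article."""
    name = urlsplit(url).path.rsplit("/", 1)[-1].lower()
    if not name.endswith(EXEC_EXT):
        return []  # not an executable, out of scope
    reasons = ["executable download"]
    if IMAGE_HINT.search(name):
        reasons.append("name poses as an image")
    ref_host = (urlsplit(referrer).hostname or "").lower()
    if ref_host in SHORTENERS:
        reasons.append("reached via URL shortener")
    return reasons

def flag(log_lines, threshold=2):
    """Parse 'host url referrer' lines; return (host, url, reasons) hits."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        host, url, referrer = parts
        reasons = score_download(url, referrer)
        if len(reasons) >= threshold:
            hits.append((host, url, reasons))
    return hits

# Constructed sample proxy log: workstation, requested URL, referrer ("-" if none).
SAMPLE_LOG = [
    "pc-014 http://files.example.net/skype-img-04_04-2013.exe http://bit.ly/XXXXXXX",
    "pc-022 http://cdn.example.org/photos/holiday.jpg http://bit.ly/YYYYYYY",
    "pc-031 http://vendor.example.com/setup.exe http://vendor.example.com/downloads",
    "pc-040 http://mirror.example.net/my-pic.exe -",
]

if __name__ == "__main__":
    for host, url, reasons in flag(SAMPLE_LOG):
        print(host, url, "; ".join(reasons))
```

Requiring two signals keeps an ordinary installer download (pc-031) out of the results while still catching an image-named executable that arrives with no referrer (pc-040).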

As Dmitry Bestuzhev of Kaspersky pointed out, "An average clicking is also pretty high, with more than 2k clicks per hour. Most of potential victims live in Italy, then Russia, Poland, Costa Rica, Spain, Germany, Ukraine, and others."

The malware apparently does "many things" (Bestuzhev did not elaborate), but users are most likely to notice the effects of the Bitcoin mining operation, which seriously chews into the host computer's CPU.

This is not the first time cyber thieves have been snared by the siren song of the Bitcoin. In 2011, a trojan called Badminer did something similar, while another trojan managed to steal Bitcoins that users had already generated. If the Bitcoin continues to rise in value — or even manages to maintain its current value — we'll probably be seeing a few more, too.

It probably won't be long until antivirus software is updated with a definition for this new trojan, but in the meantime, be wary of any vague-sounding messages, be extremely careful with shortened links, and do not ever open an exe file you don't know.