On Monday, we told you about the rogue actor who inserted malware into Yahoo ads. Now we’re hearing that after worming its way onto PCs, the malware attempted to steal their computational resources to mine Bitcoins, according to security firm Light Cyber.
In short, if you live in Europe, visit Yahoo.com regularly, and use a PC with an old version of Java, you may be helping cybercriminals mine Bitcoins.
“From December 31 to January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines – specifically, they spread malware,” reads a statement from Yahoo, which reiterated that users outside Europe weren’t affected. People who accessed the site through Macs or mobile devices are also safe, according to Yahoo.
Light Cyber estimates the malware attack began on December 29, however. It redirected victims to a site hosting the Magnitude exploit kit, which serves up a medley of nasty threats, including banking trojans, adware, and downloaders.
“The attackers made sure they exploited each of the millions of infected machines to its full worth by employing Bitcoin miners, WebMoney wallet hackers, personal information extraction, banking information extraction and generic remote access tools,” Light Cyber founder Giora Engel told VentureBeat in an email. “You rarely see such an abundance of trojans being employed in such a short time span on so many machines at once.”
The hackers made a special effort to mine Bitcoin efficiently, added Engel, who said they employed an optimized 64-bit Bitcoin mining software when it was supported by the infected computer.
As many as two million European Yahoo users may have contracted the PC malware by visiting the site’s homepage last week, reports the Guardian. Yahoo has yet to release official numbers or address how its systems were compromised.
Bitcoin is a lucrative market for malicious hackers, who find the virtual currency’s embedded anonymity appealing. In addition to Bitcoin malware, which hijacks computers to use them as part of a “bitnet” (bitcoin mining network), cybercriminals have developed new forms of ransomware that encrypts the content of infected computers and directs victims to pay for an access key with Bitcoins.
Updated at 9:28 AM PT with a comment from Light Cyber founder Giora Engel