Cybercriminals Use Pony Botnet to Steal 700,000 Account Credentials, Virtual Currencies

Geographical distribution of stolen data

Back in December 2013, security researchers from Trustwave’s SpiderLabs revealed that they had uncovered a stash of 2 million account credentials stolen by cybercriminals with the aid of the botnet dubbed Pony. Now, in addition to account credentials, experts say Pony has also been used to steal virtual currencies.

Cybercriminals have managed to steal a total of more than 700,000 credentials, 600,000 of which are for websites, 100,000 for email accounts, 16,000 for FTP servers, 900 for SSH, and 800 for Remote Desktop. This data was stolen between September 2013 and mid-January 2014.

Based on data from the botnet’s control panel, experts determined that after four months of stealing information, the cybercriminals decided to stop the operation.

Most credentials have been stolen from Germany (41,177), Poland (17,214), Italy (15,672), the Czech Republic (14,835), Bulgaria (7,063), France (5,513), Croatia (4,725), Peru (4,616), India (2,761) and Vietnam (2,234).

Close to 80,000 Facebook accounts have been impacted, followed by ones on (13,740), (13,169), (11,712), (8,036), (6,589), (6,554), (6,175), (5,842) and (3,974).

The Pony botnet has also been used to target Bitcoin and other virtual currency wallets. Experts have found that the cybercriminals have stolen $220,000 (€160,000) worth of virtual currencies.

In addition to Bitcoin, the list also includes Litecoin, Feathercoin, Fastcoin, Bytecoin, Namecoin, Mincoin, Zetacoin and many others. In total, around 30 virtual currencies have been targeted.

Because of the high value of Bitcoin, the attackers didn’t even have to compromise a large number of wallets. They hijacked a total of only 85, from which they transferred 355 Bitcoins, 280 Litecoins, 33 Primecoins and 46 Feathercoins.

While stealing money from bank accounts is becoming increasingly difficult for cybercriminals, when it comes to Bitcoin heists, there are a number of advantages. First of all, while all transactions are public, they’re also irreversible.

This means that if someone empties your wallet, there’s nothing you can do about it. There’s no one who can put the “money” back into the wallet and the accounts cannot be frozen to prevent theft.

Cybercriminals simply need to transfer the funds into their account on a trading website, convert the virtual coins to a real currency and move the money into their bank account.

If you fear that you might be one of the victims of the virtual currency heist, enter your public key (not your private key) into an app made by SpiderLabs to see if you’re impacted.

The company has also published a tool that allows users to check if their other accounts have been compromised. Just enter your email address to find out if your credentials have been stolen.
