Fake video claims users can recover lost Mt. Gox Bitcoins

If you’re one of the people affected by the recent Bitcoin blowout over on Mt. Gox, be wary of too-good-to-be-true mentions of lost digital cash being returned to worried owners. From the following Reddit thread:

I’ve noticed a scam mail that is going around the internet recently claiming that mtgox has decided to return customers their bitcoins.

It goes by

“Have you lost your MTGOX Coins? go watch our news to claim your Bitcoins back! [dot]bitcoinbreaknews[dot]com/mtgox-lost-coins”

The poster mentions that running the offered executable attempted to download additional files. They’ve also upped some screenshots of their digging around, which are worth checking out.

After looking at it myself, it seems that the original URL in the link above (“mtgox-lost-coins”) has been taken down. However, the site itself is still up and is still offering up “Flash Player”, and the download has a different MD5 to the file originally served, so they’re likely changing up the download files every so often.

The site appears to have scraped the content of wsj.com, and added an “Install Adobe Flash Player” box over the top which is supposedly required to play the video. Clicking the Install button downloads a .rar file containing the executable in question.

Watch this vid?
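A proxy-log triage check for the lure described above, as an added example that is not part of the original post: because the served file's MD5 keeps changing, it keys on the delivery pattern (a "Flash Player" download, served as an archive or executable, from a host that is not the vendor) rather than on a file hash. The log format, sample lines, vendor-domain list and function names are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: domains treated as the genuine vendor; adjust to local policy.
VENDOR_DOMAINS = ("adobe.com", "macromedia.com")
# File names that pose as the player installer, e.g. "install_flash_player.rar".
LURE_NAME = re.compile(r"flash[\s_\-]*player", re.IGNORECASE)
# Archives (as served by the site in the post) plus directly served executables.
PAYLOAD_EXT = (".rar", ".zip", ".7z", ".exe", ".scr", ".msi")

# Constructed proxy-log lines: timestamp, client IP, URL, content type.
SAMPLE_LOG = """\
2014-03-01T10:02:11Z 10.0.0.21 http://news-lookalike.example/video/install_flash_player.rar application/x-rar-compressed
2014-03-01T10:05:40Z 10.0.0.34 https://get.adobe.com/flashplayer/install_flashplayer.exe application/octet-stream
2014-03-01T10:07:02Z 10.0.0.21 http://news-lookalike.example/article.html text/html
2014-03-01T10:09:55Z 10.0.0.48 http://adobe.com.updates.example/FlashPlayer%20Update.zip application/zip
truncated line
"""


def is_vendor_host(host):
    """True only for a vendor domain or a real subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)


def flag_fake_flash_downloads(log_text):
    """Return (timestamp, client, host, filename) for suspicious downloads."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        ts, client, url, _ctype = fields
        parts = urlsplit(url)
        host = parts.hostname or ""
        filename = unquote(parts.path.rsplit("/", 1)[-1])
        if not LURE_NAME.search(filename):
            continue  # name does not pose as the player
        if not filename.lower().endswith(PAYLOAD_EXT):
            continue  # not an archive or executable
        if is_vendor_host(host):
            continue  # genuine vendor download
        hits.append((ts, client, host, filename))
    return hits


if __name__ == "__main__":
    for hit in flag_fake_flash_downloads(SAMPLE_LOG):
        print(*hit)
```

The host check compares whole domain labels, so a lookalike such as `adobe.com.updates.example` is still flagged.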

The infection rate for this one may end up being quite low, as one would imagine that anybody versed in the art of Bitcoins is not likely to bother unzipping a .rar file to extract some random files.

Should they choose to unzip and run the executable in a state of desperate panic anyway, they’ll find a new entry lurking in their roaming folder:

Uh oh

We’re still taking a look at the installed files, but for now users of Malwarebytes Anti-Malware Pro (or those using the 14-day trial) will find the site is blocked with website blocking active.

There are all sorts of issues with Mt. Gox at the moment, from bankruptcy and call centers to claims relating to theft and supposed hacking. In the middle of all of this are the Bitcoin users who may currently be missing large amounts of digital currency.

Sites offering a faint ray of hope in the form of “Mt. Gox is going to fix it all and please install this file, thanks” could well add more misery to an already considerable pile.

As always, steer clear.

Christopher Boyd


Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.