Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Malware threat identified in virtual currencies: INTERPOL and Kaspersky Lab

Zafirah Salim | March 27, 2015
This malware could result in them being embedded with malware or other illegal data.

INTERPOL researchers, together with a specialist from Kaspersky Lab based at the INTERPOL Global Complex for Innovation (IGCI), have identified a threat to the blockchain in virtual transactions.

Depending on the cryptocurrency and its protocols, there is a fixed open space on the blockchain - the public 'ledger' of transactions - where data can be stored, referenced or hosted within encrypted transactions and their records. According to the researchers, this open space is a potential target for malware.

The design of the blockchain means there is the possibility of malware being injected and permanently hosted with no methods currently available to wipe this data. This could affect 'cyber hygiene,' where the blockchain could become a safe haven for hosting such data.  

It could also enable crime scenarios in the future, such as the deployment of modular malware, a reshaping of the distribution of zero-day attacks, as well as the creation of illegal underground marketplaces dealing in private keys which would allow access to this data.

"Having identified this threat, it is now important for INTERPOL to spread awareness amongst the public and law enforcement, as well as encourage support from communities working in this field to find solutions for the potential blockchain 'abuse'," said Noburu Nakatani, Executive Director of IGCI.  

Vitaly Kamluk, Principal Security Researcher at Kaspersky Lab, added, "While we generally support the idea of blockchain-based innovations we think that's it is our duty, as a part of security community, to help the developers make such technologies sustainable and useful for the purpose they were intended for. We hope that bringing potential problems to light now will help in improving such technologies in the future and will make it more difficult for them to be used for any malicious purpose."

This research was unveiled at the Black Hat Asia 2015, which took place in Singapore from March 24 to 27.

 

Sign up for CIO Asia eNewsletters.