Mt. Gox is the largest Bitcoin exchange in the world, and as such it and its users are being repeatedly targeted by attackers.
Some two months ago, it battled a massive DDoS attack that was likely aimed at destabilizing the virtual currency and allowing the criminals to profit from the swings.
Now, according to Symantec researchers, the criminals have turned to spoofing Mt. Gox’ site and tricking its customers into downloading malware – the Ponik downloader Trojan, which is also able to steal passwords.
These fake pages were set up on domains that resembled Mt. Gox’ legitimate one (mtgox.com), such as mtgox.org, mtgox.co.uk, mtgox.net, and others. Also, the criminals have done a good job promoting the phishing site via ads (“New Century Gold: BITCOIN Protect your money – Buy Bitcoin”) served by several major online advertising services.
The fake page is a pretty good spoof of the legitimate one, but there are details that reveal its real nature. For example, the phishing page does not use the SSL security protocol (i.e. there is no https in the URL).
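The two tell-tale signs described above (the brand name on a domain other than mtgox.com, and no https in the URL) can be checked mechanically, for example in a mail or proxy filter. The following is an added example, not code from the article or from Symantec; the function name, verdict strings and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

LEGIT_DOMAIN = "mtgox.com"  # legitimate domain named in the article
BRAND_LABEL = "mtgox"       # name that the spoofed domains reuse


def check_url(url):
    """Classify a URL and list the warning signs the article describes."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url  # a bare host typed without a scheme is not https
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    reasons = []

    # Only the exact domain or one of its subdomains counts as legitimate.
    on_legit = host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)
    # The brand name in any label of any other host marks a lookalike,
    # e.g. a different TLD or "mtgox.com" used as a subdomain prefix.
    lookalike = not on_legit and any(BRAND_LABEL in label for label in labels)
    if lookalike:
        reasons.append(f"'{BRAND_LABEL}' on a domain other than {LEGIT_DOMAIN}: {host}")
    if parts.scheme.lower() != "https":
        reasons.append("no https in the URL")

    if lookalike:
        verdict = "lookalike"
    elif on_legit:
        verdict = "legitimate" if not reasons else "legitimate-domain-no-https"
    else:
        verdict = "unrelated"
    return verdict, reasons


# Constructed sample URLs; the spoofed domain names are the ones the article lists.
SAMPLES = [
    "https://www.mtgox.com/",
    "http://mtgox.org/",
    "http://mtgox.co.uk/login",
    "mtgox.net",
    "https://mtgox.com.login.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_url(sample))
```

A lookalike domain can also be served over https, so the scheme check only adds a reason and never clears a URL on its own.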
“Mt.Gox has started to intensify the verification process of its members, allowing deposits or withdrawals only from verified accounts. They appear to be doing as much as possible to comply with anti-money laundering laws in order to avoid the same fate as Liberty Reserve, which was shut down by federal prosecutors in May,” Symantec researchers pointed out, and advised users to change their passwords and verify their accounts.
Users who have fallen for this particular phishing scam would also do well to check their computers for this and other malware.