Researchers identify malware threat to virtual currencies

INTERPOL and Kaspersky Lab have identified a threat to the blockchain in virtual transactions that could result in them being embedded with malware or other illegal data.

Depending on the cryptocurrency and its protocols, there is a fixed open space on the blockchain – the public ‘ledger’ of transactions – where data can be stored, referenced or hosted within encrypted transactions and their records.

The design of the blockchain means there is the possibility of malware being injected and permanently hosted with no methods currently available to wipe this data. This could affect ‘cyber hygiene’ as well as the sharing of child sexual abuse images where the blockchain could become a safe haven for hosting such data.

It could also enable crime scenarios in the future such as the deployment of modular malware, a reshaping of the distribution of zero-day attacks, as well as the creation of illegal underground marketplaces dealing in private keys which would allow access to this data.

Vitaly Kamluk, principal security researcher at Kaspersky Lab said: “The core principle of our research is to forewarn about potential future threats coming from decentralized systems based on blockchains. While we generally support the idea of blockchain-based innovations we think that’s it is our duty, as a part of security community, to help the developers make such technologies sustainable and useful for the purpose they were intended for.”

“We hope that bringing potential problems to light now will help in improving such technologies in the future and will make it more difficult for them to be used for any malicious purpose,” Kamluk added.