Trojan:W32/Lecpetex: Bitcoin miner spreading via FB messages

In early March this year, while investigating various threats as part of our Facebook malware cleanup effort, we ran across an interesting one that was spreading in zipped files attached to messages.

The messages themselves were classic social engineering bait that lead the users to install the executable file in the attachment, which turned out to be a Bitcoin miner, which we identify as Trojan:W32/Lecpetex.

Some of the more interesting details of our analysis are presented in our Lecpetex whitepaper.

lecpetex_cover (66k image)

Facebook’s own investigation into Lecpetex lead to an operation to take down the botnet. More details about their takedown effort, and the results from their parallel analysis of the malware, are available here.

Post by — Mangesh

Updated to add details and link to Facebook’s takedown post.

On 09/07/14 At 03:22 AM

Read more: Trojan:W32/Lecpetex: Bitcoin miner spreading via FB messages

Incoming search terms

Story added 9. July 2014, content source with full text you can find at link above.