Malware detected on CryptocoinTrader program
Earlier, a link was posted on Reddit to download an open source program known as CryptocoinTrader, an all-in-one trader for BTC/LTC/NVC/TRC/PPC/XPM/NMC that supports BTC-e, Cryptsy, Bitstamp, Bitfinex and MtGox. That sounds too good to be true, and in fact the precompiled .exe contains malware.
Redditor strongleaf decided to run the precompiled .exe on his virtual machine and discovered that “The program extracts qtbitcoin trader client and some suspicious executables (bridgemigplugin.exe, vbc.exe).” bridgemigplugin.exe is a process used by Open Broadcaster Software to do a live stream of the user’s screen. The creator of Open Broadcaster Software responded:
This is Jim here. I wrote OBS, and R1CH pointed me to this thread.
I am really pissed off that someone did this with my software.
I can’t help but feel the need to defend my program and myself here, my software is open source, so people can modify the code as they please. I never intended it to be used in this way. Whoever did this is a serious asshole. I worked my ass off for this application over the past year and a half. So I just want to be clear before anyone throws any accusations at me or others on my dev team, I did not even let anyone give me any donations for the entire first year it was available. I now have at least a million and a half users, and people already donate to my team and I because of my program. If at any time I really need money (which I don’t, I have contract work thanks to my success with OBS), I would just start charging 2-3 dollars for a version with more features, or do some sort of donation voting for feature thing like synergy does, and that would be that. (People have over and over again told me I’m crazy for not)
I’m really pissed off that someone reprogrammed it to do something like this. I’m really sorry about this.
I couldn’t help but say this just in case some sort of drama started happening. This application is seriously my life right now. It’s the one big accomplishment I have in my life, it’s made my dad proud of me, the one person in the world who means the most to me, and I don’t want to see it tarnished because some asshole in Russia is scamming people using my publicly available source code.
The malware initiated a connection with 18.104.22.168, an address belonging to the Russian ISP Longbow Electric LLC.
The SourceForge link indicated that there were 81 downloads. Those who have installed the malware are advised to change passwords for recently accessed websites from a different machine, move their wallets off the affected computer, and finally reformat that computer to prevent any potential wallet theft.
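As an added defender-side example (not code from the post or from any of the projects it mentions), the following Python scans endpoint log lines for the two indicators the post gives: the dropped executables bridgemigplugin.exe and vbc.exe, and the address 18.104.22.168. The log format, the sample lines and the list of "expected" parent processes are all constructed assumptions; note that vbc.exe is also the name of the legitimate VB.NET compiler, so a bare filename match is only meaningful together with an unexpected parent process.

```python
import re
from typing import Dict, List

# Indicators taken from the write-up above.
DROPPED_EXES = {"bridgemigplugin.exe", "vbc.exe"}
SUSPECT_ADDRESS = "18.104.22.168"

# Assumed parent processes that legitimately spawn these binaries (OBS itself,
# a .NET build); anything else spawning them is worth a look.
EXPECTED_PARENTS = {"obs.exe", "msbuild.exe"}

# Constructed sample lines in a hypothetical "timestamp key=value ..." format;
# they are not real telemetry from the incident.
SAMPLE_LOG = """\
2013-12-02T10:14:01Z event=process_create image=C:\\Users\\bob\\Downloads\\CryptocoinTrader.exe parent=explorer.exe
2013-12-02T10:14:03Z event=process_create image=C:\\Users\\bob\\AppData\\Local\\Temp\\qtbitcointrader.exe parent=CryptocoinTrader.exe
2013-12-02T10:14:04Z event=process_create image=C:\\Users\\bob\\AppData\\Local\\Temp\\bridgemigplugin.exe parent=CryptocoinTrader.exe
2013-12-02T10:14:04Z event=process_create image=C:\\Users\\bob\\AppData\\Local\\Temp\\vbc.exe parent=CryptocoinTrader.exe
2013-12-02T10:14:09Z event=network_connect image=C:\\Users\\bob\\AppData\\Local\\Temp\\bridgemigplugin.exe dst=18.104.22.168:443
2013-12-02T10:20:00Z event=process_create image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe parent=MSBuild.exe
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")

def parse_line(line: str) -> Dict[str, str]:
    """Split 'ts key=value key=value' into a dict (values contain no spaces here)."""
    m = LINE_RE.match(line)
    fields = {"ts": m.group("ts")}
    for token in m.group("kv").split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields

def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()

def find_indicators(log: str) -> List[str]:
    """Return one finding per log line that matches the incident's indicators."""
    findings = []
    for raw in log.splitlines():
        f = parse_line(raw)
        image = basename(f.get("image", ""))
        if f.get("event") == "process_create" and image in DROPPED_EXES:
            # Filename alone is weak evidence; require an unexpected parent.
            if f.get("parent", "").lower() not in EXPECTED_PARENTS:
                findings.append(f"{f['ts']} {image} spawned by {f['parent']}")
        elif f.get("event") == "network_connect" and f.get("dst", "").split(":")[0] == SUSPECT_ADDRESS:
            findings.append(f"{f['ts']} connection to {SUSPECT_ADDRESS} from {image}")
    return findings
```

Running `find_indicators(SAMPLE_LOG)` flags the two binaries extracted by CryptocoinTrader.exe and the outbound connection, while the compiler launched by MSBuild.exe is left alone.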