There is a new Trojan that can steal cryptocurrencies from a user’s wallet by replacing their address with its own in the device’s clipboard.
So far, attackers have been able to pilfer 23 BTC, which is equivalent to almost $140,000, said researchers at Kaspersky Lab. The amounts stolen from other wallets range from a few dollars to several thousand.
The creator of the CryptoShuffler Trojan has already been operating for a year, targeting a wide range of the most popular cryptocurrencies such as Bitcoin, Ethereum, Zcash, Dash, Monero and others, said researchers at Kaspersky Lab.
The peak in this activity was the end of last year, followed by a quiet period, which lasted until June. “Clipboard hijacking” attacks like this are not new, but researchers said incidents involving a cryptocurrency host address are rare.
CryptoShuffler’s mechanism is very simple and effective, capitalizing on the common transaction process used by most cryptocurrency users.
The Trojan begins by monitoring the infected device’s clipboard, the researchers said. Users rely on the clipboard when making a payment: They copy a recipient’s wallet ID number and paste it into the “destination address” line in the software they are using to make their transaction. What they don’t know is that the Trojan then replaces the copied wallet address with one owned by the malware creator. Therefore, when the user pastes the wallet ID into the destination address line, it is no longer the address they originally intended to send money to, and as a result the victim transfers their money directly to criminals.
CryptoShuffler’s ability to replace a destination literally takes milliseconds because it’s so simple to search for wallet addresses – the majority of cryptocurrency wallet addresses have the same beginning and a certain number of characters. Attackers, then, can easily create regular codes to replace them.
With this trick, criminals are exploiting users’ inattention. When making a payment, users do not usually check their multi-digit numbers, especially since the wallet addresses in blockchain are complicated and often very difficult to remember. Users don’t pay much attention to checking any distinctive features in the transaction line, even if a slight change could cost them a lot.
“Cryptocurrency is not tomorrow’s technology anymore. It is becoming part of our daily lives, actively spreading around the world, becoming more available for users, and a more appealing target for criminals,” said Sergey Yunakovsky, malware analyst at Kaspersky Lab. “Lately, we’ve observed an increase in malware attacks targeted at different types of cryptocurrencies, and we expect this trend to continue. Users considering cryptocurrency investments should think about protecting their investments carefully.”
To keep crypto savings safe, users should pay close attention during transactions and always check the wallet number listed in the ‘destination address’ line against the one to which they intend to send coins. Users should also be aware that there is a difference between an invalid address and an incorrect address: In the first case, the error will be detected and the transaction won’t be completed; in the latter, they will never see their money again.