Kaspersky Lab researchers have discovered a new malware which steals cryptocurrencies from a user’s wallet by replacing their address with its own in the device’s clipboard. Criminals are targeting popular cryptocurrencies such as Bitcoin, Ethereum, Zcash, Dash, Monero and others.

 

Indeed, criminals have already succeeded with bitcoin wallets, earning almost 100,000 dollars overall, according to our data. In addition, experts have found a new Trojan, designed for Monero mining, with some samples currently available in the wild.

 

With the cryptocurrency boom continuing across the world, it is fast becoming an attractive target for cybercriminals. Kaspersky Lab researchers have already seen a rise of miners, which have affected thousands of computers and generated hundreds of thousands of dollars.

 

In addition, experts have noticed that criminals are starting to use less advanced techniques and are spending less time and resources in this area. According to the research, cryptocurrency stealers – which have been increasing in prevalence since 2014, are again putting users’ crypto savings at risk.

 

Kaspersky Lab researchers have discovered a new CryptoShuffler Trojan, designed to change the addresses of users’ cryptocurrency wallets in the infected device’s clipboard (a software facility used for short-term data storage).

 

Clipboard hijacking attacks have been known for years, redirecting users to malicious websites and targeting online payments systems. However, cases involving a cryptocurrency host address are rare.

 

In most cryptocurrencies, if the user wants to transfer crypto coins to another user, they need to know the recipient’s wallet ID – a unique multi-digit number. Here is how the CryptoShuffler exploits the system’s need to operate with these numbers.

 

After initializing, the CryptoShuffler Trojan starts to monitor the device’s clipboard, utilized by users when making a payment. This involves copying wallets’ numbers and pasting them into the “destination address” line of the software that is used to carry out a transaction.

 

The Trojan replaces the user’s wallet with one owned by the malware creator, meaning when the user pastes the wallet ID to the destination address line, it is not the address they originally intended to send money to. As a result, the victim transfers his or her money directly to the criminals, unless an attentive user spots the sudden replacement.

 

The latter is usually not the case, since multi-digit numbers and the wallets’ addresses in blockchain are typically very difficult to remember. Therefore, it’s hard to define any distinctive features in the transaction line, even if it is directly in front of the user’s eyes.

 

Destination replacement in the clipboard occurs instantly, thanks to the simplicity of searching for wallet addresses: the majority of cryptocurrency wallets have a constant position in the transaction line and always use a certain number of characters.

 

Thus, intruders can easily create regular codes to replace them. Based on the research, CryptoShuffler works with a wide range of the most popular cryptocurrencies, such as Bitcoin, Ethereum, Zcash, Dash, Monero and others.

 

So far, based on observations from Kaspersky Lab researchers, the criminals behind the CryptoShuffler trojan have mostly succeeded in attacks against Bitcoin wallets – they were able to steal 23 BTC, which is equivalent to almost 100,000 USD. The total amounts in other wallets ranges from a few dollars to several thousand dollars.

 

“Cryptocurrency is not a far-off technology anymore. It is getting into our daily lives and actively spreading around the world, becoming more available for users, as well as a more appealing target for criminals. Lately we’ve observed an increase in malware attacks targeting different types of cryptocurrencies, and we expect this trend to continue. So, users considering cryptocurrency investments at this time need to think about ensuring they have proper protection,” says Sergey Yunakovsky, malware analyst at Kaspersky Lab.

 

Experts have also found another Trojan targeting the Monero cryptocurrency – DiscordiaMiner, which is designed to upload and run files from a remote server. According to the research, there are some performance similarities with the NukeBot Trojan, discovered earlier this year. As in the NukeBot case, the Trojan’s source codes have been shared on underground hacking forums.

 

We recommend that users install robust security solutions that provide dedicated functionality for protecting financial transactions, like the Safe Money feature in flagship Kaspersky Lab solutions.

 

For greater security, this feature scans for vulnerabilities that are known to have been exploited by cybercriminals, constantly checks for specialized malware, guards transactions from intrusion with the help of Protected Browser technology and specifically protects the clipboard where sensitive data could be stored during copy/paste operations.

 

Kaspersky Lab products successfully detect and block these malware with the following detection names:

  • Trojan-Banker.Win32.CryptoShuffler.gen

  • Trojan.Win32.DiscordiaMiner

Learn more about newly discovered miners on Securelist.com

 


RECOMMENDED ARTICLE FOR TECHWORLD


 
OPPO F7 Breaks New Ground in Capturing True Beauty
Techworld Date Posted: 21 April 2018 1:52 PM | 562 Views
Now available for Philippine smartphone users, the all-new, highly anticipated OPPO F7 brings forth a new standard to smartphone photography with a new 25MP front-facing camera, powered by a best-in-class A.I. Beauty Technology 2.0.... See More
 
OPPO F7 Breaks New Ground in Capturing True Beauty
Techworld Date Posted: 1:52 PM | 562 Views
Now available for Philippine smartphone users, the all-new, highly anticipated OPPO F7 brings forth a new standard to smartphone photography with a new 25MP front-facing camera, powered by a best-in-class A.I. Beauty Technology 2.0...See More

 
ADATA to Showcase Its Latest Innovations at IFA 2018
Techworld Date Posted: 23 August 2018 2:03 PM | 336 Views
ADATA Technology, a leading manufacturer of high-performance DRAM modules and NAND flash products, has announced that it will be showcasing its latest products and solutions at IFA 2018 in Berlin. Among the products to.... See More
 
ADATA to Showcase Its Latest Innovations at IFA 2018
Techworld Date Posted: 2:03 PM | 336 Views
ADATA Technology, a leading manufacturer of high-performance DRAM modules and NAND flash products, has announced that it will be showcasing its latest products and solutions at IFA 2018 in Berlin. Among the products to...See More

 
Power Mac Center Boosts Customer Care with New Service Center Mobile App
Techworld Date Posted: 26 October 2017 1:25 PM | 330 Views
As part of its commitment to provide premium service every day, premier Apple reseller Power Mac Center is launching PMCService,. See More
 
Power Mac Center Boosts Customer Care with New Service Center Mobile App
Techworld Date Posted: 1:25 PM | 330 Views
As part of its commitment to provide premium service every day, premier Apple reseller Power Mac Center is launching PMCService,See More

 
HyperX Joins ESGS 2017 with Team Execration
Techworld Date Posted: 25 October 2017 10:38 AM | 369 Views
HyperX, the gaming division of Kingston Technology, today announced their presence at ESGS 2017 and all the fun activities to engage with the vast Filipino Gaming Community at SMX Convention Center from October 27th.... See More
 
HyperX Joins ESGS 2017 with Team Execration
Techworld Date Posted: 10:38 AM | 369 Views
HyperX, the gaming division of Kingston Technology, today announced their presence at ESGS 2017 and all the fun activities to engage with the vast Filipino Gaming Community at SMX Convention Center from October 27th...See More

 
Kris Aquino, Bimby Give Three-Part Exclusive Tour of PLDT Home Fibr-Powered Home
Techworld Date Posted: 3 January 2018 2:26 PM | 258 Views
PLDT Home Ambassador and Queen of all Media Kris Aquino gave her viewers a treat this Christmas season through an exclusive corner-to-corner tour of her new, PLDT Home Fibr-powered home in Quezon City.. See More
 
Kris Aquino, Bimby Give Three-Part Exclusive Tour of PLDT Home Fibr-Powered Home
Techworld Date Posted: 2:26 PM | 258 Views
PLDT Home Ambassador and Queen of all Media Kris Aquino gave her viewers a treat this Christmas season through an exclusive corner-to-corner tour of her new, PLDT Home Fibr-powered home in Quezon City.See More

 
AOC Teams Up with 20th Century Fox for the Exclusive Screening of Kingsman: The Golden Circle
Techworld Date Posted: 25 September 2017 11:37 AM | 201 Views
AOC has partnered with no less than 20th Century Fox for the advanced screening of the much awaited, "Kingsman: The Golden Circle" and arranged a special dinner and programme for the members of the.... See More
 
AOC Teams Up with 20th Century Fox for the Exclusive Screening of Kingsman: The Golden Circle
Techworld Date Posted: 11:37 AM | 201 Views
AOC has partnered with no less than 20th Century Fox for the advanced screening of the much awaited, "Kingsman: The Golden Circle" and arranged a special dinner and programme for the members of the...See More

 
PLDT Home Brings PH’s First All-in-One Video-on-demand, Pay TV and Free Channels Streaming Device
Techworld Date Posted: 9 August 2017 2:35 PM | 232 Views
PLDT Home continues to prove why it is the country's digital services leader with its next-generation entertainment device: the Roku PoweredTM TVolution. Developed in partnership with Roku, the Silicon Valley corporation that pioneered the concept.... See More
 
PLDT Home Brings PH’s First All-in-One Video-on-demand, Pay TV and Free Channels Streaming Device
Techworld Date Posted: 2:35 PM | 232 Views
PLDT Home continues to prove why it is the country's digital services leader with its next-generation entertainment device: the Roku PoweredTM TVolution. Developed in partnership with Roku, the Silicon Valley corporation that pioneered the concept...See More

 
Shop the New iPhone XR at Power Mac Center
Techworld Date Posted: 4 December 2018 3:06 PM | 116 Views
The latest iPhone with the most advanced LCD in the industry has finally arrived at Power Mac Center. The premier Apple partner in the country welcomed the arrival of iPhone XR with a midnight.... See More
 
Shop the New iPhone XR at Power Mac Center
Techworld Date Posted: 3:06 PM | 116 Views
The latest iPhone with the most advanced LCD in the industry has finally arrived at Power Mac Center. The premier Apple partner in the country welcomed the arrival of iPhone XR with a midnight...See More

 
PLDT and Smart Ring in Christmas with ‘Holideals,’ Their Biggest Holiday Sale Yet
Techworld Date Posted: 16 November 2018 3:27 PM | 144 Views
Brace yourself as leading digital services provider PLDT Inc. and its mobile arm Smart Communications, Inc. are ushering in the Christmas season with the first ever ‘Holideals,’ their biggest holiday blow-out yet. See More
 
PLDT and Smart Ring in Christmas with ‘Holideals,’ Their Biggest Holiday Sale Yet
Techworld Date Posted: 3:27 PM | 144 Views
Brace yourself as leading digital services provider PLDT Inc. and its mobile arm Smart Communications, Inc. are ushering in the Christmas season with the first ever ‘Holideals,’ their biggest holiday blow-out yetSee More

 
UBTECH OPENS ROBOTICS SUMMER WORKSHOP
Techworld Date Posted: 8 May 2018 3:07 PM | 277 Views
The introduction and availability of programmable robots (Robotics) at brickand-mortar stores are still unrecognizable. For most, these robots are too expensive for a “toy” without even exploring its value and benefits to their kids,.... See More
 
UBTECH OPENS ROBOTICS SUMMER WORKSHOP
Techworld Date Posted: 3:07 PM | 277 Views
The introduction and availability of programmable robots (Robotics) at brickand-mortar stores are still unrecognizable. For most, these robots are too expensive for a “toy” without even exploring its value and benefits to their kids,...See More


Power by

Download Free AZ | Free Wordpress Themes