Kaspersky Lab researchers have discovered a new malware which steals cryptocurrencies from a user’s wallet by replacing their address with its own in the device’s clipboard. Criminals are targeting popular cryptocurrencies such as Bitcoin, Ethereum, Zcash, Dash, Monero and others.

 

Indeed, criminals have already succeeded with bitcoin wallets, earning almost 100,000 dollars overall, according to our data. In addition, experts have found a new Trojan, designed for Monero mining, with some samples currently available in the wild.

 

With the cryptocurrency boom continuing across the world, it is fast becoming an attractive target for cybercriminals. Kaspersky Lab researchers have already seen a rise of miners, which have affected thousands of computers and generated hundreds of thousands of dollars.

 

In addition, experts have noticed that criminals are starting to use less advanced techniques and are spending less time and resources in this area. According to the research, cryptocurrency stealers – which have been increasing in prevalence since 2014, are again putting users’ crypto savings at risk.

 

Kaspersky Lab researchers have discovered a new CryptoShuffler Trojan, designed to change the addresses of users’ cryptocurrency wallets in the infected device’s clipboard (a software facility used for short-term data storage).

 

Clipboard hijacking attacks have been known for years, redirecting users to malicious websites and targeting online payments systems. However, cases involving a cryptocurrency host address are rare.

 

In most cryptocurrencies, if the user wants to transfer crypto coins to another user, they need to know the recipient’s wallet ID – a unique multi-digit number. Here is how the CryptoShuffler exploits the system’s need to operate with these numbers.

 

After initializing, the CryptoShuffler Trojan starts to monitor the device’s clipboard, utilized by users when making a payment. This involves copying wallets’ numbers and pasting them into the “destination address” line of the software that is used to carry out a transaction.

 

The Trojan replaces the user’s wallet with one owned by the malware creator, meaning when the user pastes the wallet ID to the destination address line, it is not the address they originally intended to send money to. As a result, the victim transfers his or her money directly to the criminals, unless an attentive user spots the sudden replacement.

 

The latter is usually not the case, since multi-digit numbers and the wallets’ addresses in blockchain are typically very difficult to remember. Therefore, it’s hard to define any distinctive features in the transaction line, even if it is directly in front of the user’s eyes.

 

Destination replacement in the clipboard occurs instantly, thanks to the simplicity of searching for wallet addresses: the majority of cryptocurrency wallets have a constant position in the transaction line and always use a certain number of characters.

 

Thus, intruders can easily create regular codes to replace them. Based on the research, CryptoShuffler works with a wide range of the most popular cryptocurrencies, such as Bitcoin, Ethereum, Zcash, Dash, Monero and others.

 

So far, based on observations from Kaspersky Lab researchers, the criminals behind the CryptoShuffler trojan have mostly succeeded in attacks against Bitcoin wallets – they were able to steal 23 BTC, which is equivalent to almost 100,000 USD. The total amounts in other wallets ranges from a few dollars to several thousand dollars.

 

“Cryptocurrency is not a far-off technology anymore. It is getting into our daily lives and actively spreading around the world, becoming more available for users, as well as a more appealing target for criminals. Lately we’ve observed an increase in malware attacks targeting different types of cryptocurrencies, and we expect this trend to continue. So, users considering cryptocurrency investments at this time need to think about ensuring they have proper protection,” says Sergey Yunakovsky, malware analyst at Kaspersky Lab.

 

Experts have also found another Trojan targeting the Monero cryptocurrency – DiscordiaMiner, which is designed to upload and run files from a remote server. According to the research, there are some performance similarities with the NukeBot Trojan, discovered earlier this year. As in the NukeBot case, the Trojan’s source codes have been shared on underground hacking forums.

 

We recommend that users install robust security solutions that provide dedicated functionality for protecting financial transactions, like the Safe Money feature in flagship Kaspersky Lab solutions.

 

For greater security, this feature scans for vulnerabilities that are known to have been exploited by cybercriminals, constantly checks for specialized malware, guards transactions from intrusion with the help of Protected Browser technology and specifically protects the clipboard where sensitive data could be stored during copy/paste operations.

 

Kaspersky Lab products successfully detect and block these malware with the following detection names:

  • Trojan-Banker.Win32.CryptoShuffler.gen

  • Trojan.Win32.DiscordiaMiner

Learn more about newly discovered miners on Securelist.com

 


RECOMMENDED ARTICLE FOR TECHWORLD


 
Unlocking Insights for Sustainable Development in ASEAN with Data and Analytics
Techworld Date Posted: 15 December 2017 10:19 AM | 247 Views
Data has become the new life force that drives the world today. Businesses have always leveraged their company or customer information to make better, smarter, real time, fact-based decisions – from developing a new.... See More
 
Unlocking Insights for Sustainable Development in ASEAN with Data and Analytics
Techworld Date Posted: 10:19 AM | 247 Views
Data has become the new life force that drives the world today. Businesses have always leveraged their company or customer information to make better, smarter, real time, fact-based decisions – from developing a new...See More

 
DJI Brings RoboMaster 2017 Finals to Twitch
Techworld Date Posted: 1 August 2017 3:35 PM | 255 Views
DJI, the world's leader in civilian drones and aerial imaging technology, today announced that the RoboMaster 2017 competition finals will be livestreamed exclusively on social video platform Twitch1. RoboMaster 2017 is an annual robotics.... See More
 
DJI Brings RoboMaster 2017 Finals to Twitch
Techworld Date Posted: 3:35 PM | 255 Views
DJI, the world's leader in civilian drones and aerial imaging technology, today announced that the RoboMaster 2017 competition finals will be livestreamed exclusively on social video platform Twitch1. RoboMaster 2017 is an annual robotics...See More

transcend
PC Buyers Guide
Meet Transcend at Perfectshot SM North Edsa to Get Free Gifts and Join the Lucky Draw
Techworld • By: PC Buyers Guide | Date Posted: 21 November 2018 10:51 AM | 154 Views
Get ready for the biggest camera SALE and have fun with Transcend! Visit the PerfectShot at SM City North Edsa (Upper Ground Floor, Centermall near SM Dept. Store) from November 22 to 28, 2018.... See More
PC Buyers Guide
transcend
Meet Transcend at Perfectshot SM North Edsa to Get Free Gifts and Join the Lucky Draw
Techworld • By: PC Buyers Guide | Date Posted: 10:51 AM | 154 Views
Get ready for the biggest camera SALE and have fun with Transcend! Visit the PerfectShot at SM City North Edsa (Upper Ground Floor, Centermall near SM Dept. Store) from November 22 to 28, 2018...See More

 
Lenovo Continues Support for Youth Organizations, Named Exclusive Technology Partner Anew of TAYO Awards Foundation
Techworld Date Posted: 15 February 2018 5:13 PM | 255 Views
Lenovo, one of the world’s biggest technology companies, is once again the official technology partner of the Ten Accomplished Youth Organizations (TAYO) Awards Foundation, Inc.. See More
 
Lenovo Continues Support for Youth Organizations, Named Exclusive Technology Partner Anew of TAYO Awards Foundation
Techworld Date Posted: 5:13 PM | 255 Views
Lenovo, one of the world’s biggest technology companies, is once again the official technology partner of the Ten Accomplished Youth Organizations (TAYO) Awards Foundation, Inc.See More

 
Nokia 3310 Celebrates 18th Birthday with Price Blowout
Techworld Date Posted: 31 August 2018 4:58 PM | 131 Views
HMD Global, the home of Nokia phones, celebrates years of reliable mobile experience with Nokia 3310’s 18th birthday on September 1.. See More
 
Nokia 3310 Celebrates 18th Birthday with Price Blowout
Techworld Date Posted: 4:58 PM | 131 Views
HMD Global, the home of Nokia phones, celebrates years of reliable mobile experience with Nokia 3310’s 18th birthday on September 1.See More

PCBG  Writing Staff
Role of Wireless in Cybercrime
Techworld • By: PCBG  Writing Staff | Date Posted: 6 April 2018 3:59 PM | 654 Views
Wi-Fi and Bluetooth® are useful. They are there for a reason: so we can communicate without the need for data coverage. Though much of what we see today with Wi-Fi is good use, sometimes,.... See More
PCBG  Writing Staff
Role of Wireless in Cybercrime
Techworld • By: PCBG  Writing Staff | Date Posted: 3:59 PM | 654 Views
Wi-Fi and Bluetooth® are useful. They are there for a reason: so we can communicate without the need for data coverage. Though much of what we see today with Wi-Fi is good use, sometimes,...See More

 
ASUS Announces Z370 Series Motherboards
Techworld Date Posted: 30 September 2017 9:37 AM | 456 Views
The arrival of the 8th Generation Intel CoreTM processors marks the latest launch of a new consumer-oriented desktop platform this year, one with unprecedented power and responsiveness. Otherwise known as Coffee Lake, these new.... See More
 
ASUS Announces Z370 Series Motherboards
Techworld Date Posted: 9:37 AM | 456 Views
The arrival of the 8th Generation Intel CoreTM processors marks the latest launch of a new consumer-oriented desktop platform this year, one with unprecedented power and responsiveness. Otherwise known as Coffee Lake, these new...See More

 
A Safer Future Awaits at WOCEE and WOSAS 2018
Techworld Date Posted: 5 December 2018 5:30 PM | 103 Views
Following the success of its debut presentation, the groundbreaking World of Safety and Security Exposition (WOSAS) and World of Consumer Electronics Exposition (WOCEE) return with a bigger and bolder installment for its 2nd edition.. See More
 
A Safer Future Awaits at WOCEE and WOSAS 2018
Techworld Date Posted: 5:30 PM | 103 Views
Following the success of its debut presentation, the groundbreaking World of Safety and Security Exposition (WOSAS) and World of Consumer Electronics Exposition (WOCEE) return with a bigger and bolder installment for its 2nd edition.See More

 
Nokia Smartphones Serve First Slice of Android™ 9 Pie
Techworld Date Posted: 23 October 2018 10:42 AM | 129 Views
HMD Global, the home of Nokia phones, has announced that Android™ 9 is already available for the Nokia 6.1 Plus via Nokia phones beta labs. This follows the Nokia 7 Plus. See More
 
Nokia Smartphones Serve First Slice of Android™ 9 Pie
Techworld Date Posted: 10:42 AM | 129 Views
HMD Global, the home of Nokia phones, has announced that Android™ 9 is already available for the Nokia 6.1 Plus via Nokia phones beta labs. This follows the Nokia 7 PlusSee More

 
Kaspersky Lab Appeals U.S. Department of Homeland Security Debarment
Techworld Date Posted: 19 December 2017 11:46 AM | 254 Views
Kaspersky Lab announced today that it is seeking an appeal in federal court of U.S. Department of Homeland Security’s (DHS) decision on Binding Operational Directive 17-01 banning the use of the company’s products in.... See More
 
Kaspersky Lab Appeals U.S. Department of Homeland Security Debarment
Techworld Date Posted: 11:46 AM | 254 Views
Kaspersky Lab announced today that it is seeking an appeal in federal court of U.S. Department of Homeland Security’s (DHS) decision on Binding Operational Directive 17-01 banning the use of the company’s products in...See More


Power by

Download Free AZ | Free Wordpress Themes