Kaspersky Lab researchers have discovered a new malware which steals cryptocurrencies from a user’s wallet by replacing their address with its own in the device’s clipboard. Criminals are targeting popular cryptocurrencies such as Bitcoin, Ethereum, Zcash, Dash, Monero and others.

 

Indeed, criminals have already succeeded with bitcoin wallets, earning almost 100,000 dollars overall, according to our data. In addition, experts have found a new Trojan, designed for Monero mining, with some samples currently available in the wild.

 

With the cryptocurrency boom continuing across the world, it is fast becoming an attractive target for cybercriminals. Kaspersky Lab researchers have already seen a rise of miners, which have affected thousands of computers and generated hundreds of thousands of dollars.

 

In addition, experts have noticed that criminals are starting to use less advanced techniques and are spending less time and resources in this area. According to the research, cryptocurrency stealers, which have been increasing in prevalence since 2014, are again putting users’ crypto savings at risk.

 

Kaspersky Lab researchers have discovered a new CryptoShuffler Trojan, designed to change the addresses of users’ cryptocurrency wallets in the infected device’s clipboard (a software facility used for short-term data storage).

 

Clipboard hijacking attacks have been known for years, redirecting users to malicious websites and targeting online payment systems. However, cases involving a cryptocurrency host address are rare.

 

In most cryptocurrencies, if the user wants to transfer crypto coins to another user, they need to know the recipient’s wallet ID – a unique multi-digit number. Here is how the CryptoShuffler exploits the system’s need to operate with these numbers.

 

After initializing, the CryptoShuffler Trojan starts to monitor the device’s clipboard, utilized by users when making a payment. This involves copying wallets’ numbers and pasting them into the “destination address” line of the software that is used to carry out a transaction.

 

The Trojan replaces the user’s wallet with one owned by the malware creator, meaning when the user pastes the wallet ID to the destination address line, it is not the address they originally intended to send money to. As a result, the victim transfers his or her money directly to the criminals, unless an attentive user spots the sudden replacement.

 

The latter is usually not the case, since multi-digit numbers and the wallets’ addresses in blockchain are typically very difficult to remember. Therefore, it’s hard to define any distinctive features in the transaction line, even if it is directly in front of the user’s eyes.

 

Destination replacement in the clipboard occurs instantly, thanks to the simplicity of searching for wallet addresses: the majority of cryptocurrency wallets have a constant position in the transaction line and always use a certain number of characters.

 

Thus, intruders can easily write regular expressions to find and replace them. Based on the research, CryptoShuffler works with a wide range of the most popular cryptocurrencies, such as Bitcoin, Ethereum, Zcash, Dash, Monero and others.
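The same fixed address shapes that make the swap easy also make it easy to detect. The following is an added example, not code from Kaspersky Lab's research: it scans a timeline of clipboard snapshots and flags an address that is replaced by a different address of the same currency almost instantly. The two address patterns are simplified, and the one-second threshold, function names and sample history are assumptions made for illustration.

```python
import re

# Simplified address shapes (assumption: legacy Base58 Bitcoin and hex Ethereum only).
ADDRESS_SHAPES = {
    "bitcoin": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}
SWAP_WINDOW_SECONDS = 1.0  # assumed threshold for an "instant" replacement


def classify(text):
    """Return the currency whose address shape the whole clipboard text matches, or None."""
    candidate = text.strip()
    for currency, shape in ADDRESS_SHAPES.items():
        if shape.fullmatch(candidate):
            return currency
    return None


def find_suspicious_swaps(events, window=SWAP_WINDOW_SECONDS):
    """events: list of (timestamp_seconds, clipboard_text) in time order.

    Flags a change where one address is replaced by a different address of the
    same currency faster than a person could copy a second one.
    """
    alerts = []
    for (t_prev, prev), (t_cur, cur) in zip(events, events[1:]):
        kind_prev, kind_cur = classify(prev), classify(cur)
        if kind_prev is None or kind_prev != kind_cur:
            continue  # not address-to-address within one currency
        if prev.strip() != cur.strip() and (t_cur - t_prev) <= window:
            alerts.append({"currency": kind_cur, "copied": prev.strip(),
                           "now": cur.strip(), "delay": round(t_cur - t_prev, 3)})
    return alerts


# Constructed clipboard history: placeholder strings, not real wallets.
SAMPLE_EVENTS = [
    (0.00, "meeting notes"),
    (5.20, "1" + "A" * 30),    # user copies the recipient's address
    (5.25, "1" + "B" * 30),    # replaced 50 ms later: flagged
    (60.0, "0x" + "a" * 40),   # user copies an Ethereum address
    (95.0, "0x" + "b" * 40),   # a different one 35 s later: plausible user action
]

if __name__ == "__main__":
    for alert in find_suspicious_swaps(SAMPLE_EVENTS):
        print(alert)
```

A slow change between two addresses is left alone because a user may simply have copied a second recipient; the signal here is the speed of the replacement, not the change itself.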

 

So far, based on observations from Kaspersky Lab researchers, the criminals behind the CryptoShuffler Trojan have mostly succeeded in attacks against Bitcoin wallets – they were able to steal 23 BTC, which is equivalent to almost 100,000 USD. The total amounts in other wallets range from a few dollars to several thousand dollars.

 

“Cryptocurrency is not a far-off technology anymore. It is getting into our daily lives and actively spreading around the world, becoming more available for users, as well as a more appealing target for criminals. Lately we’ve observed an increase in malware attacks targeting different types of cryptocurrencies, and we expect this trend to continue. So, users considering cryptocurrency investments at this time need to think about ensuring they have proper protection,” says Sergey Yunakovsky, malware analyst at Kaspersky Lab.

 

Experts have also found another Trojan targeting the Monero cryptocurrency – DiscordiaMiner, which is designed to upload and run files from a remote server. According to the research, there are some performance similarities with the NukeBot Trojan, discovered earlier this year. As in the NukeBot case, the Trojan’s source code has been shared on underground hacking forums.

 

We recommend that users install robust security solutions that provide dedicated functionality for protecting financial transactions, like the Safe Money feature in flagship Kaspersky Lab solutions.

 

For greater security, this feature scans for vulnerabilities that are known to have been exploited by cybercriminals, constantly checks for specialized malware, guards transactions from intrusion with the help of Protected Browser technology and specifically protects the clipboard where sensitive data could be stored during copy/paste operations.

 

Kaspersky Lab products successfully detect and block this malware with the following detection names:

  • Trojan-Banker.Win32.CryptoShuffler.gen

  • Trojan.Win32.DiscordiaMiner

Learn more about newly discovered miners on Securelist.com

 

