The malware discovered by Bleeping Computer controls more than two million Bitcoin addresses and is ready to steal your digital assets the first time you send coins.
Despite the growing popularity of cryptocurrency, the development and improvement of protocols and smart contracts, the widespread use of blockchain technologies, the principle of transactions with coins remains the same. The key point of security is still the Bitcoin address, which is usually difficult to read and not memorable. Few people enter their BTC address manually to send coins; most users copy it. The habit of pasting a copied address for a cryptocurrency transaction can be very costly for users.
Malware steals addresses from the clipboard. Everything ingenious is simple, and the address spoofing virus simply changes the user’s original address, copied to the clipboard, to the scammer’s address. One of these viruses was discovered by the well-known resource Bleeping Computer.
The virus itself is part of the All-Radio 4.27 malware package. If a program with a safe name is installed on the computer, a virus DLL called d3dx11_31.dll is automatically added. It runs in the background performing the paging process and creates a startup program. This malicious software scans the clipboard to recognize BTC addresses. As soon as such an address is found, it is automatically replaced with the hacker’s Bitcoin address and the coins are sent to the attacker.
The Bleeping Computer resource has discovered such malware that currently controls more than 2.3 million BTC addresses. The site reports this and gives advice on checking your computer. After all, no one is immune from computer infection, and malicious software runs in the background and does not significantly load the system.
The resource advises users to check the address in a text editor. To do this, just copy your address into a text editor, similarly copy any BTC address from the Internet and compare them. If the addresses are identical, it becomes clear that the malicious software replaced them in the clipboard with the hacker’s Bitcoin address and the computer is infected.
You May Also Like
Where are the gray miners hiding?
The problem of gray mining still remains relevant, and miners are becoming more sophisticated. Let's try to figure out how they disguise themselves after infiltrating a user's computer.
The FacexWorm virus is being spread via Facebook Messenger
Security researchers at Trend Micro have discovered a malicious extension for the Chrome browser that interferes with users' cryptocurrency transactions in various ways. The malware, called "FacexWorm", enters the victim's browser through a YouTube link that prompts the user to install an extension to play videos. Once it is installed, the virus penetrates the account and distributes the same link among the user's friends.
