More and more new viruses and Trojans jeopardize the security of cryptocurrency users’ funds.
Malicious software (viruses, Trojans, etc.) tailored specifically to cryptocurrencies appeared almost simultaneously with cryptocurrencies themselves. The most common type is the so-called miner, which uses the power of an infected device to mine cryptocurrency for the benefit of its authors. We already wrote about the latest of them, “Digmine,” in one of our previous articles, “The hidden cryptocurrency miner Digmine is distributed by hackers via Facebook Messenger”.
In today's article, however, we will talk about another type of Trojan, one that is less noticeable but much more insidious. Unlike a Trojan miner (which simply uses the resources of your device, creating an unnecessary load), it can lead to the loss of your personal funds. This Trojan monitors the contents of the clipboard and, if it notices a string that has the structure of a Bitcoin, Litecoin, DASH or other cryptocurrency address, replaces it with the attacker's address. Most users do not notice the substitution and continue working, making a transaction to the spoofed address. As a result, the funds are received not by the intended recipient, but by the attacker.
This type of Trojan was first discovered in August 2014 by the Polish CERT center. Every year these Trojans became more and more sophisticated, not only replacing the address with their own, but also selecting an address (or, in some cases, even generating a new one) similar to the user’s address, for example, one in which the first and last three characters match the user’s address. A quick glance at such an address will not arouse any suspicion. For example, in February 2016, Symantec discovered the Trojan horse Trojan.Coinbitclip, which was distributed with a set of 10,000 Bitcoin addresses, which made it possible to quickly select an address similar to the victim’s address.
In November 2017, Kaspersky Lab discovered a new Trojan, CryptoShuffler, which replaces the addresses of Bitcoin, Ethereum, Zcash, Monero, Dash and other cryptocurrencies. By the time it was discovered, CryptoShuffler had already existed for about a year and had managed to collect at least 23 BTC.
This type of malware is extremely difficult to detect because it does not create additional load on the user's operating system, does not open additional network connections and does not perform any other suspicious operations. This is why antivirus software manufacturers are not very quick to include the signatures of these Trojans in their antivirus databases. Currently, there is no reliable solution for automatically detecting and protecting against Trojans that replace crypto wallet addresses in the clipboard.
That is why we advise all cryptocurrency users not to rely on anti-virus software alone, but also to carefully check the payment details before sending a payment and, if possible, to select addresses from the address book (most wallets provide this function).
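The check recommended above can be done mechanically. The following is an added example, not code from this article or from any wallet: it compares the pasted value with the address taken from a trusted source in full and flags the look-alike case described earlier, where only the first and last three characters match. The sample strings are constructed (not real addresses), and the regular expression is a rough assumption covering only legacy Base58 Bitcoin addresses.

```python
import re

# Rough structural pattern for legacy Base58 Bitcoin addresses (assumption;
# other coins and address formats need their own patterns).
BTC_LIKE = re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$")

def shared_edges(a, b):
    """Return (prefix_len, suffix_len): how many leading/trailing chars agree."""
    shortest = min(len(a), len(b))
    prefix = 0
    while prefix < shortest and a[prefix] == b[prefix]:
        prefix += 1
    suffix = 0
    # Do not let the suffix run back into characters counted in the prefix.
    while suffix < shortest - prefix and a[-1 - suffix] == b[-1 - suffix]:
        suffix += 1
    return prefix, suffix

def check_pasted(expected, pasted, edge=3):
    """Compare the pasted value with the address from the address book."""
    expected, pasted = expected.strip(), pasted.strip()
    if pasted == expected:
        return {"verdict": "match"}
    prefix, suffix = shared_edges(expected, pasted)
    if not BTC_LIKE.match(pasted):
        verdict = "not-an-address"
    elif prefix >= edge and suffix >= edge:
        # Same beginning and end, different middle: passes a quick glance.
        verdict = "lookalike"
    else:
        verdict = "replaced"
    return {"verdict": verdict, "first_diff": prefix,
            "prefix": prefix, "suffix": suffix}

# Constructed sample strings shaped like addresses (not real, checksums invalid).
EXPECTED = "1Kq7x2mVtR9bYdPzU4cWnE8sHfLgJ3aXyZ"
LOOKALIKE = "1Kq3nB8wTgM5rFhD2vCpS7eYjUa9kN4XyZ"
REPLACED = "1Hd5uTw9ZcR2pLxM7bKqV4nEyG8sFjA3mW"

if __name__ == "__main__":
    for label, value in [("same", EXPECTED), ("lookalike", LOOKALIKE),
                         ("replaced", REPLACED)]:
        print(label, check_pasted(EXPECTED, value))
```

Any verdict other than `match` means the payment should not be sent; `first_diff` gives the index of the first character that differs, which is where a manual comparison should start.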
