The malware discovered by Bleeping Computer controls more than two million Bitcoin addresses and is ready to steal your digital assets the first time you send coins.
Despite the growing popularity of cryptocurrency, the development and improvement of protocols and smart contracts, and the widespread use of blockchain technologies, the way coins are transferred remains the same. The key point of security is still the Bitcoin address, which is usually difficult to read and not memorable. Few people enter a BTC address manually to send coins; most users copy it. The habit of pasting a copied address into a cryptocurrency transaction can be very costly for users.
Malware steals addresses from the clipboard. Everything ingenious is simple, and the address-spoofing virus simply replaces the user’s original address, copied to the clipboard, with the scammer’s address. One of these viruses was discovered by the well-known resource Bleeping Computer.
The virus itself is part of the All-Radio 4.27 malware package. When a program with a harmless-looking name is installed on the computer, a malicious DLL called d3dx11_31.dll is added automatically. It runs in the background performing the paging process and creates a startup program. This malicious software scans the clipboard to recognize BTC addresses. As soon as such an address is found, it is automatically replaced with the hacker’s Bitcoin address, and the coins are sent to the attacker.
The malware found by Bleeping Computer currently controls more than 2.3 million BTC addresses. The site reports this and gives advice on checking your computer. After all, no one is immune from computer infection, and this malicious software runs in the background without significantly loading the system.
The resource advises users to check the address in a text editor. To do this, copy your own address and paste it into a text editor, then copy any other BTC address from the Internet, paste it the same way, and compare the two pasted addresses. If the pasted addresses are identical, it becomes clear that the malicious software replaced them in the clipboard with the hacker’s Bitcoin address and the computer is infected.
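The comparison described above can also be done in code. The following is an added example, not code from Bleeping Computer or from the original article: it checks whether a string is a well-formed legacy (Base58Check) Bitcoin address and reports when a paste returned a different valid address than the one copied. The function names are hypothetical, only legacy addresses are covered (an assumption), and the sample addresses are constructed from dummy hashes.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(data: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of a double SHA-256
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version: int, payload: bytes) -> str:
    """Build an address string; used here only to construct sample data."""
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_legacy_btc_address(s: str) -> bool:
    """True for a Base58Check string with version 0x00/0x05 and a valid checksum."""
    s = s.strip()
    if not 26 <= len(s) <= 35 or any(c not in B58 for c in s):
        return False
    n = 0
    for c in s:
        n = n * 58 + B58.index(c)
    pad = len(s) - len(s.lstrip("1"))  # each leading '1' is one leading zero byte
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[0] in (0x00, 0x05) and _checksum(raw[:21]) == raw[21:]

def clipboard_verdict(copied: str, pasted: str) -> str:
    """Compare the address that was copied with what the paste produced."""
    if copied.strip() == pasted.strip():
        return "match"
    if is_legacy_btc_address(copied) and is_legacy_btc_address(pasted):
        # A valid address went in and a different valid address came out:
        # the behaviour the article attributes to the clipboard malware.
        return "replaced"
    return "mismatch"  # differs, but not a clean address swap (typo, truncation)

# Constructed sample addresses (dummy 20-byte hashes, not real wallets)
COPIED = b58check_encode(0x00, b"\x11" * 20)
SWAPPED = b58check_encode(0x00, b"\x22" * 20)

if __name__ == "__main__":
    print(clipboard_verdict(COPIED, COPIED))
    print(clipboard_verdict(COPIED, SWAPPED))
```

A "replaced" verdict on a real machine means the pasted text should not be used as a payment destination until the system has been scanned.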
