Payment security: Trojans that replace the addresses of users’ cryptocurrency wallets

More and more viruses and Trojans are jeopardizing the security of cryptocurrency users’ funds.

Almost simultaneously with the advent of cryptocurrencies, malicious software (viruses, Trojans, etc.) appeared that was tailored specifically to cryptocurrencies. The most common type are the so-called miners, which use the processing power of an infected device to mine cryptocurrency for the benefit of their authors. We already wrote about the latest of them, Digimine, in one of our previous articles.

In today's article, however, we will talk about another, less noticeable but much more insidious type of Trojan. Unlike a Trojan miner (which merely consumes your device's resources, creating an unnecessary load), it can lead to the loss of your funds. This Trojan monitors the contents of the clipboard and, if it finds a string there that is structurally an address for Bitcoin, Litecoin, DASH or any other cryptocurrency, replaces it with the attacker's own address. Most users do not notice the substitution and continue working, sending the transaction to the spoofed address. As a result, the funds are received not by the intended recipient but by the attacker.

This type of Trojan was first discovered in August 2014 by the Polish CERT. Every year these Trojans have become more sophisticated: rather than simply replacing the address with a single address of their own, they select (or, in some cases, even generate) one that resembles the user's address, for example one whose first and last three characters match the user's. A quick glance at such an address will not raise any suspicion. Thus, in February 2016, Symantec discovered the Trojan Trojan.Coinbitclip, which was distributed with a database of 10,000 Bitcoin addresses, making it possible to quickly select an address similar to the victim's.

In November 2017, Kaspersky Lab discovered a new Trojan, CryptoShuffler, which replaces the addresses of Bitcoin, Ethereum, Zcash, Monero, Dash and other cryptocurrencies. By the time it was discovered, CryptoShuffler had already existed for about a year and had managed to collect at least 23 BTC.

This type of malware is extremely difficult to detect because it does not create additional load on the user's system, does not open additional network connections and does not perform any other suspicious operations. This is why antivirus vendors are slow to add the signatures of these Trojans to their databases. Currently, there is no reliable solution for protecting against and automatically detecting Trojans that replace crypto wallet addresses in the clipboard.

That is why we advise all cryptocurrency users not to rely on antivirus software alone, but to carefully check the payment details before sending a transaction and, where possible, to select addresses from the address book (most wallets provide this function).
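
The check below is an added example, not code from the original article or from any of the Trojans it names. It shows the defensive side of what is described above: recognizing a string that is "structurally" a Bitcoin address, comparing the copied address with the one about to be sent as a whole rather than by its first and last three characters, and flagging a clipboard transition in which one address is silently replaced by another. The recipient address is the public Bitcoin genesis-block address; the look-alike and the clipboard history are constructed sample data.

```python
import re

# Shape-only recognizers for Bitcoin addresses (constructed for this example;
# they check the Base58/Bech32 alphabet and length, not the checksum, which is
# all that is needed to decide that a string is "structurally" an address).
LEGACY_RE = re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$")
BECH32_RE = re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$")

def looks_like_btc_address(text: str) -> bool:
    text = text.strip()
    return bool(LEGACY_RE.match(text) or BECH32_RE.match(text.lower()))

def shares_edges(a: str, b: str, n: int = 3) -> bool:
    """True when two addresses agree on their first and last n characters,
    i.e. when a substitution would survive the 'quick glance' described above."""
    return a[:n] == b[:n] and a[-n:] == b[-n:]

def detect_swap(copied: str, pasted: str) -> dict:
    """Full-string comparison of the address the user copied against the one
    that is about to be submitted; returns a small verdict record."""
    copied, pasted = copied.strip(), pasted.strip()
    swapped = (looks_like_btc_address(copied) and looks_like_btc_address(pasted)
               and copied != pasted)
    return {"swapped": swapped,
            "lookalike": swapped and shares_edges(copied, pasted)}

def audit_clipboard_history(snapshots: list) -> list:
    """Scan consecutive clipboard snapshots and report every transition in which
    one address is replaced by a different address. A wallet or endpoint agent
    could run this on clipboard-change events; here the snapshots are constructed."""
    alerts = []
    for i in range(1, len(snapshots)):
        verdict = detect_swap(snapshots[i - 1], snapshots[i])
        if verdict["swapped"]:
            alerts.append({"index": i, **verdict})
    return alerts

# Constructed sample data: the Bitcoin genesis-block address as the intended
# recipient, and a made-up address that copies its first and last three characters.
REAL_ADDRESS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
LOOKALIKE = "1A1kQ9mXz2H7vRtB4cLw8nYpE3sJ6uDgfNa"
SAMPLE_HISTORY = ["invoice #4711", REAL_ADDRESS, LOOKALIKE, "thanks!"]

if __name__ == "__main__":
    for alert in audit_clipboard_history(SAMPLE_HISTORY):
        print("address replaced in clipboard:", alert)
```

Note that the look-alike passes both the structural check and the prefix/suffix glance; only the full comparison against the address the user actually copied (or the entry in the wallet's address book) catches the substitution.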
