Home / Archive / Bitcoin Thieves are Monitoring 2.3 Million Addresses Using a Clipboard Malware: Report

Bitcoin Thieves are Monitoring 2.3 Million Addresses Using a Clipboard Malware: Report

Last Updated March 4, 2021 5:09 PM
Tawanda Karombo
Last Updated March 4, 2021 5:09 PM

Bleeping Computer, a technical support site, has warned cryptocurrency users to double check addresses to which they send cryptocoins before effecting transactions as a way of safeguarding against a growing type of malware that is re-directing transactions. This comes after the site said over the weekend that malware runners are monitoring more than 2 million crypto addresses  with a view to replace them with addresses they control.

Interest in bitcoin and other cryptocoins usage has steadily grown over the past few years and according to surveys, more people are now aware of virtual currencies. Africa, Asia, and other regions have also shown strong interest in using cryptocurrencies.

However, experts have been warning that the malware, CryptoCurrency Clipboard Hijackers, is phishing crypto addresses and replacing them with a new one which they control. All the cryptocoins transferred will go into an address controlled by the hackers.

“This type of malware, called CryptoCurrency Clipboard Hijackers, works by monitoring the Windows clipboard for cryptocurrency addresses, and if one is detected, will swap it out with an address that they control ,” Lawrence Abrahams, a computer forensics and creator of BleepingComputer wrote at the weekend.

The publication adds it has noticed that the current crypto malware is monitoring as many as 2.3 million cryptocurrency addresses. These addresses could be at risk of being replaced by addresses controlled by the hackers.

Bleeping Computer has cautioned that this type of malware “runs in the background with no indication that it is even running” hence it is “not easy to spot” that one’s computer would have been infected.

“Therefore it is important to always have an updated antivirus solution installed to protect you from these types of threats. It is also very important that all cryptocurrency users to double-check any addresses that they are sending cryptocoins to before they actually send them,” cautions Abrahams, who is also a malware removal expert.

He adds that the malware infection was this week as part of the All-Radio 4.27 Portable malware package distributed by BleepingComputer in the past week.

“When installed, a DLL named d3dx11_31.dll will be downloaded to the Windows Temp folder and an autorun called “DirectX 11” will be created to run the DLL when a user logs into the computer.”

Featured image from Shutterstock.