A new CryptoShuffler Trojan has been discovered that steals cryptocurrency from wallets by replacing the address with its own in the clipboard of the device, reported Kaspersky Lab, which discovered the malware.
Fraudsters using CryptoShuffler Trojan have already stolen 23 BTC, worth around $140,000, from wallets. The creator of the malware has been operating for a year, targeting bitcoin, Ethereum, Dash, Monero, Dash and other cryptocurrencies, according to Kaspersky Lab.
The “clipboard hijacking” technique has been witnessed previously, targeting online payment systems. Attacks on cryptocurrency are not common.
The CryptoShuffler attacks commonly used transaction processes. The Trojan monitors the clipboard of the targeted victim’s device. When making a payment, the owner of the infected device copies a recipient’s wallet identification number and pastes it in the destination address line in the software they use to make the transaction. The victim doesn’t know the Trojan replaces their wallet address with the one the malware owns.
When the victim pastes the wallet identification to the destination address line, they are not sending the money to the intended destination but to that of the fraudster. The process takes milliseconds.
Cryptocurrency users do not normally check their multi-digit numbers when making payments.
Also read: Bitcoin payment processor BitPay warns against Trojan virus
Sergey Yunakovsky, Kaspersky Lab’s malware analyst, said people considering making cryptocurrency investments need to protect their investments carefully.
Kaspersky Lab also advises cryptocurrency users to pay close attention and check the wallet number listed in the destination address line when making payments. They should also be aware of the difference between an invalid address and an incorrect one. An invalid address will be detected and the transaction will not be completed. An incorrect one will be completed and the user will lose their money.
Users can also protect themselves using a security feature that scans for vulnerabilities known to be exploited by fraudsters.
Featured image from Shutterstock.
Last modified: March 4, 2021 5:01 PM