Hackers Stole $150,000 from Cryptocurrency Wallets Using CryptoShuffler Trojan

Popular cryptocurrency wallets are currently under threat from the notorious CryptoShuffler Trojan, which steals cryptocurrencies. According to the findings of Kaspersky Lab, which discovered the Trojan, attackers using CryptoShuffler have so far targeted mainstream cryptocurrencies including Dash, Monero, Ethereum, Bitcoin, and Zcash, and have stolen $150,000 (£113,250) worth of Bitcoins.

The Trojan attacks cryptocurrency wallets by replacing the user's original, legitimate address on the clipboard of the targeted device with the attacker's own. According to the researchers at Kaspersky Lab, clipboard hijacking is not unheard of, since attackers have used this method against online payment systems, but cases involving the hijacking of a cryptocurrency host address are quite rare.

“The malware described is a perfect example of a ‘rational’ gain. The scheme of its operation is simple and effective: no access to pools, no network interaction, and no suspicious processor load,” noted malware analyst at Kaspersky Lab, Sergey Yunakovsky.

Researchers also noted that CryptoShuffler's mechanism is quite straightforward: the user's wallet ID number, which is typically copied and pasted as the Destination Address in the transaction software being used, is replaced with the one supplied by the malware creator. All the Trojan has to do is monitor the clipboard to make the modification.

As a result, the wallet ID that the user enters in the Destination Address line is not the original one, and the money is transferred to the attacker. The entire process is completed within milliseconds, since searching for wallet addresses is quite easy: most cryptocurrency wallet addresses have a similar beginning and an identifiable number of characters.

“Intruders can easily create regular codes to replace them,” wrote the researchers.

Image: a Russian-language forum discussing the CryptoShuffler Trojan

CryptoShuffler has been around since 2016, when it attacked Bitcoin wallets, while the latest campaign was discovered in June 2017. Kaspersky researchers stated that the way this Trojan attacks cryptocurrency wallets shows that malware on an infected device does not necessarily display a ransom note or slow the device down; it can work discreetly without being detected.

“The longer they remain undetected, the more money they will make for their creators,” read the blog post from the security firm.

Cryptocurrency has become part of our daily life, but this very fact makes it vulnerable to targeted cyber-attacks. The more embedded it gets into our world, the more likely it is to be targeted by cybercriminals.

“Lately, we’ve observed an increase in malware attacks targeted at different types of cryptocurrencies, and we expect this trend to continue. So, users considering cryptocurrency investments should think about protecting their investments carefully,” stated Yunakovsky.

If you want to keep your crypto savings protected from cybercriminals, you need to monitor transactions carefully and cross-check the wallet ID listed in the Destination Address line against the one you intend to send money to. An invalid address and an incorrect address differ significantly: the system will instantly identify an invalid address and the transaction will be halted, whereas a wrong address will not be identified as such.
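The difference between an invalid and an incorrect address, as an added example that is not from Kaspersky Lab or the original article. It assumes Bitcoin legacy (Base58Check) addresses as the format; the sample addresses are constructed from dummy bytes and `check_destination` is a hypothetical helper.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(data: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of double SHA-256
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version: int, payload: bytes) -> str:
    # Used here only to build constructed sample addresses
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(raw) - len(raw.lstrip(b"\0"))  # leading zero bytes become '1'
    return "1" * pad + out

def b58check_valid(addr: str) -> bool:
    # True when the string is well-formed and its checksum matches
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[-4:] == _checksum(raw[:-4])

def check_destination(intended: str, pasted: str) -> str:
    # Hypothetical pre-send check: 'intended' comes from a trusted source
    # (address book, QR code), 'pasted' is what landed in the form field.
    pasted = pasted.strip()
    if not b58check_valid(pasted):
        return "invalid"    # a typo: the wallet software rejects this itself
    if pasted != intended:
        return "mismatch"   # well-formed but different: only comparison catches it
    return "ok"

# Constructed sample addresses (dummy hash bytes, not real wallets)
INTENDED = b58check_encode(0x00, bytes(range(20)))
OTHER = b58check_encode(0x00, bytes(range(20, 40)))
TYPO = INTENDED[:-1] + ("2" if INTENDED[-1] != "2" else "3")

if __name__ == "__main__":
    for label, value in [("intended", INTENDED), ("typo", TYPO), ("swapped", OTHER)]:
        print(label, value, check_destination(INTENDED, value))
```

The swapped address passes the checksum that stops the typo, which is why the comparison against the intended address has to happen before sending.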

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.