Popular cryptocurrency wallets are under threat from the notorious CryptoShuffler Trojan, which steals cryptocurrencies. According to Kaspersky Lab, which discovered the Trojan, attackers using CryptoShuffler have so far targeted mainstream cryptocurrencies including Dash, Monero, Ethereum, Bitcoin, and Zcash, and have stolen $150,000 (£113,250) worth of Bitcoins.
The Trojan attacks cryptocurrency wallets by replacing the user's original, legitimate address with its own on the clipboard of the targeted device. According to the researchers at Kaspersky Lab, clipboard hijacking is not unheard of, since attackers have used the method against online payment systems, but cases in which a cryptocurrency address is hijacked are quite rare.
“The malware described is a perfect example of a ‘rational’ gain. The scheme of its operation is simple and effective: no access to pools, no network interaction, and no suspicious processor load,” noted Sergey Yunakovsky, a malware analyst at Kaspersky Lab.
Researchers also noted that CryptoShuffler's mechanism is quite straightforward. Users typically copy a wallet ID and paste it as the Destination Address in whatever transaction software they are using, and the Trojan replaces that wallet ID with the one supplied by the malware's creator. All the Trojan has to do is monitor the clipboard and make the modification.
As a result, the wallet ID that the user enters in the Destination Address line is not the original one, and the money is transferred to the attacker. The entire process is completed within milliseconds, since searching for wallet addresses is quite easy: most cryptocurrency wallet addresses have a similar beginning and an identifiable number of characters.
“Intruders can easily create regular codes to replace them,” wrote the researchers.
CryptoShuffler has been around since 2016, when it attacked Bitcoin wallets, while the latest campaign was discovered in June 2017. Kaspersky researchers stated that the way this Trojan attacks cryptocurrency wallets shows that malware on an infected device does not necessarily display a ransom note or slow the device down; it can work discreetly without being detected.
“The longer they remain undetected, the more money they will make for their creators,” read the blog post from the security firm.
Cryptocurrency has become part of our daily life, but this very fact makes it vulnerable to targeted cyber-attacks. The more embedded it gets into our world, the more likely it is to be targeted by cybercriminals.
“Lately, we’ve observed an increase in malware attacks targeted at different types of cryptocurrencies, and we expect this trend to continue. So, users considering cryptocurrency investments should think about protecting their investments carefully,” stated Yunakovsky.
If you want to keep your crypto savings protected from cybercriminals, you need to monitor transactions carefully and cross-check the wallet ID listed in the Destination Address line against the one you need to send money to. An invalid address and an incorrect address differ significantly: the system will instantly identify an invalid address and the transaction will be halted, whereas a wrong address will not be identified as such.
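The difference between an invalid and a wrong address can be shown with a short check. The following is an added example, not code from Kaspersky Lab or from any wallet; it assumes Bitcoin's legacy Base58Check address format as the concrete case, assumes the intended address was obtained through a trusted channel, and uses constructed sample addresses.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload: bytes) -> bytes:
    # Base58Check: first 4 bytes of double SHA-256 over version + hash
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(raw: bytes) -> str:
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError for characters outside the alphabet
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\0" * (len(text) - len(text.lstrip("1"))) + body

def make_address(seed: bytes) -> str:
    # Constructed sample address: version byte 0x00 + 20 bytes derived from a seed
    payload = b"\x00" + hashlib.sha256(seed).digest()[:20]
    return b58encode(payload + checksum(payload))

def is_valid(addr: str) -> bool:
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    return len(raw) == 25 and checksum(raw[:-4]) == raw[-4:]

def check_destination(intended: str, pasted: str) -> str:
    if not is_valid(pasted):
        return "invalid"    # malformed: transaction software rejects it by itself
    if pasted != intended:
        return "mismatch"   # well-formed but not the recipient's: only comparison catches it
    return "ok"

# Constructed sample data (not real wallets)
INTENDED = make_address(b"constructed recipient")
SUBSTITUTED = make_address(b"constructed replacement")
TYPO = INTENDED[:-1] + ("2" if INTENDED[-1] != "2" else "3")

if __name__ == "__main__":
    for label, pasted in [("same", INTENDED), ("typo", TYPO), ("swapped", SUBSTITUTED)]:
        print(label, pasted, check_destination(INTENDED, pasted))
```

The swapped address passes the checksum test just as the intended one does, which is why format validation alone does not protect against a clipboard replacement.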