CryptoShuffler Stole $150,000 by Replacing Bitcoin Wallet IDs in PC Clipboards
'CryptoShuffler Trojan' is new malware discovered by researchers at Kaspersky Lab. Cybercriminals use it to steal cryptocurrency from users' wallets by substituting their own wallet address for the user's on the infected device.
According to the Russia-based cybersecurity company, the criminals are targeting popular cryptocurrencies such as Ethereum, Monero, Bitcoin, Zcash, and others, and have stolen 23 BTC, approximately $100,000. The crooks infect users with the Trojan, which then sits idle on the computer and does nothing but watch the user's clipboard and substitute any string that looks like a Bitcoin wallet address with the attackers' address, as posted on bleepingcomputer.com on 1st November 2017.
'Cryptocurrency is not a faraway technology anymore. Lately, we have identified an enhancement in the malware attacks hitting distinct types of cryptocurrencies and we consider this trend to begin,' Sergey Yunakovsky, a malware analyst at Kaspersky Lab, said in the statement.
Clipboard hijacking attacks have been known for years, redirecting users to malicious websites and targeting online payment systems. In most cryptocurrencies, a user who wants to transfer coins to another user needs to know the recipient's wallet ID, a unique multi-digit number. CryptoShuffler exploits the system's need to operate with such numbers.
After it starts, the CryptoShuffler Trojan begins monitoring the device's clipboard, which users rely on when making a payment: they copy the wallet number and paste it into the destination address line of the software used to carry out the transaction.
CryptoShuffler is one of the successful malware groups targeting cryptocurrencies to date. For instance, another malware author spent time scanning for vulnerable IIS servers to install a Monero miner, only to make $63,000. Making over $150,000 from some code that watches the clipboard and substitutes a string is quite the return on investment.
The Trojan replaces the user's wallet address with one owned by the malware's creator, so when the user pastes the wallet ID into the destination address line, it is not the address they originally intended to transfer money to. As a result, the victim sends his or her money directly to the criminals, unless an attentive user notices the sudden replacement.
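A defensive check for the behaviour described above, as an added example that is not from Kaspersky's report or the original article: it scans a time-ordered log of clipboard contents and flags a valid Bitcoin address that is replaced by a different valid address within a second. The log format, the one-second window, the function names and the sample addresses are assumptions constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy Bitcoin address shape: 26-34 Base58 characters, first one '1' or '3'.
ADDR_RE = re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,33}$")

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version, body):
    """Helper used only to build the constructed sample addresses below."""
    raw = bytes([version]) + body
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_btc_address(text):
    """True if text has the address shape and a valid Base58Check checksum."""
    if not ADDR_RE.match(text):
        return False
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes(25, "big")  # 34 Base58 digits always fit in 25 bytes
    return raw[-4:] == _checksum(raw[:-4])

def find_swaps(events, max_gap=1.0):
    """Flag address-to-address changes within max_gap seconds (assumed heuristic)."""
    alerts, prev = [], None
    for ts, text in events:  # events: (seconds, clipboard_text) in time order
        text = text.strip()
        if (prev and text != prev[1] and ts - prev[0] <= max_gap
                and is_btc_address(prev[1]) and is_btc_address(text)):
            alerts.append((ts, prev[1], text))
        prev = (ts, text)
    return alerts

# Constructed sample data: addresses derived from labels, not real wallets.
PAYEE = b58check_encode(0, hashlib.sha256(b"payee").digest()[:20])
OTHER = b58check_encode(0, hashlib.sha256(b"other").digest()[:20])
SAMPLE = [(0.0, "invoice 1042"), (5.0, PAYEE), (5.2, OTHER),
          (60.0, "meeting notes"), (90.0, PAYEE)]

if __name__ == "__main__":
    for ts, before, after in find_swaps(SAMPLE):
        print(f"{ts:.1f}s: {before} replaced by {after}")
```

The checksum test keeps ordinary text that merely resembles an address from raising alerts, and the time window separates an automated rewrite from a user deliberately copying a second address later.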
» SPAMfighter News - 08-11-2017