Topic: [2017-11-23] Beware of the CryptoShuffler Malware that Steals Bitcoin (Read 2173 times)

sr. member
Activity: 358
Merit: 254
Bitcoin continues to prove itself as a modern day success story and has just recently broken the $8000 mark. This sustained increase in value has attracted a lot of attention from traditional financiers, investors, and traders. It has also managed to catch the attention of some of the net’s more ingenious hackers.

Crypto Trojan

Earlier this month, cybersecurity firm Kaspersky Lab documented an account of a malware that they have dubbed the “CryptoShuffler”, which is essentially a Trojan horse-style software that specifically targets cryptocurrencies.

This malicious software acts by replacing the address on the user’s clipboard with a new wallet address. When a user opens up a cryptocurrency wallet and attempts to transfer funds by copying an address to the clipboard, this copied address will be replaced by the CryptoShuffler Trojan. The clipboard will instead contain the address of a wallet controlled by hackers and if the transaction takes place, the user actually sends funds to the hackers.

One of the unique aspects of cryptocurrencies is that transactions cannot be reversed and as a result, once money is sent, it generally can’t be recovered. The CryptoShuffler Trojan is a quietly efficient form of malware that can go undetected for a long time as it doesn’t use a lot of CPU power or memory. It also doesn’t generate any suspicious system processes and this allows it to easily go unnoticed, and catch its victims completely off guard.

The CryptoShuffler is also able to complete its job in just a few milliseconds, and despite being around since 2016 it’s still unclear exactly how the malware is distributed and crucially, there also doesn’t appear to be an immediate fix for the problem at this moment in time.

Sergey Yunakovsky, malware analyst at Kaspersky Lab, recently stated, “Cryptocurrency is not tomorrow’s technology anymore. It is becoming part of our daily lives, actively spreading around the world, becoming more available for users, and a more appealing target for criminals,” he continued. “Lately, we’ve observed an increase in malware attacks targeted at different types of cryptocurrencies, and we expect this trend to continue. So users considering cryptocurrency investments should think about protecting their investments carefully.”

$184,000 Stolen

Analysts at Kaspersky Lab have also discovered that the malware targets cryptocurrencies such as Dash, Ethereum, Monero, and Zcash in addition to Bitcoin. It has also been revealed that the malware’s Bitcoin wallet holds over 23 Bitcoin, worth around $184,000 at this current point. Additional cryptocurrency wallets controlled by the CryptoShuffler’s creators were found to contain thousands of dollars. The Trojan was able to collect these funds in just over a year as it reached a peak in activity in late 2016; and following a slump in activity, it has recently reawakened and continues to be a threat to the cryptocurrency ecosystem.

The CryptoShuffler Trojan targets computers and smartphones and is capable of affecting software clients and web-based interfaces. This stealth form of malware now poses a number of questions regarding the security of the copy and paste clipboard function and will catch some users completely unaware.

A blog post from Kaspersky Lab outlined the problem: “This Trojan clearly demonstrates that an infected computer or smartphone will not necessarily slow down or display ransom messages. On the contrary, many kinds of malware try to keep a low profile and to operate as stealthily as possible; the longer they remain undetected, the more money they will make for their creators,” Kaspersky Lab said in a blog.

Users are advised to use QR codes to make transfers whenever possible, and to also check the first and last 3 digits of any address that they may copy and paste. By being extra vigilant, the cryptocurrency community can somewhat nullify the effects of the malicious software.

https://www.crypto-news.net/beware-the-cryptoshuffler-malware-that-steals-bitcoin/
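
The check described in the post above, written out as a defensive comparison of the copied address against what is about to be pasted. This is an added example, not part of the original post or of Kaspersky Lab's analysis; the address patterns, function names and sample values are assumptions made for the illustration.

```python
import re

# Address shapes assumed for this example: legacy Base58 Bitcoin and hex Ethereum.
PATTERNS = {
    "bitcoin": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def address_kind(text):
    """Return the coin whose address shape the text matches, or None."""
    text = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.fullmatch(text):
            return kind
    return None

def check_paste(copied, pasted):
    """Classify the difference between what was copied and what is about to be pasted."""
    copied, pasted = copied.strip(), pasted.strip()
    if copied == pasted:
        return "match"
    kind = address_kind(copied)
    if kind is not None and kind == address_kind(pasted):
        return "swapped"  # one address silently replaced by another of the same coin
    return "changed"      # ordinary clipboard change, not address-for-address

def ends_match(copied, pasted, n=3):
    """The manual check from the article: compare the first and last n characters."""
    copied, pasted = copied.strip(), pasted.strip()
    return copied[:n] == pasted[:n] and copied[-n:] == pasted[-n:]

def audit(pairs):
    """Return the indexes of (copied, pasted) pairs that look like an address swap."""
    return [i for i, (c, p) in enumerate(pairs) if check_paste(c, p) == "swapped"]

# Constructed sample values: address-shaped strings, not real wallets.
INTENDED_BTC = "1" + "A" * 33
OTHER_BTC = "1" + "B" * 33
INTENDED_ETH = "0x" + "ab" * 20
OTHER_ETH = "0x" + "cd" * 20

SAMPLE = [
    (INTENDED_BTC, INTENDED_BTC),      # untouched clipboard
    (INTENDED_BTC, OTHER_BTC),         # Bitcoin address replaced
    (INTENDED_ETH, OTHER_ETH + "\n"),  # Ethereum address replaced
    (INTENDED_BTC, "meeting notes"),   # user copied something else
]

if __name__ == "__main__":
    for i in audit(SAMPLE):
        copied, pasted = SAMPLE[i]
        print(f"pair {i}: {address_kind(copied)} address swapped; "
              f"first/last 3 match: {ends_match(copied, pasted)}")
```

A "swapped" result is the signal that matters: an address-shaped string was replaced by a different address of the same kind between copy and paste, while an unrelated clipboard change is reported separately as "changed".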