Author

Topic: Evrial Trojan Switches Bitcoin Addresses Copied to Windows Clipboard (Read 156 times)

newbie
Activity: 9
Merit: 0
is there anybody who has got affected by this trojan ? Huh
legendary
Activity: 2478
Merit: 1360
Don't let others control your BTC -> self custody
This is just for those that haven't heard of this issue. It appears that the virus is from Russian hackers and it changes the send BTC address to their own.

The easiest way to prevent it is what most people do already which is to check the first 3 digits/letters and the last 3 and make sure they match.



The best way to prevent it is to keep your machine clear. The trojan doesn't jump into your device out of nowhere. It is downloaded along with other software, inside a packed archive, a torrent executable, in a mail attachment. Get decent antivirus software, use official downloads for software, buy software instead of getting cracked versions from god knows where and avoid porn sites because they're full of trojans. I know it's hard, especially the last one, no pun intended, but at least use a different device from the one that's holding your money.
member
Activity: 126
Merit: 15
HodL!
13abyknight pretty much answered the question.  When you highlight and copy the BTC recipients address, the copy goes to the clipboard on windows based computers. (Mac's are safe for now)  The hack is when you 'paste' what you think you copied, but it is the address to the hacker. (Pretty slick) 

One article that I read mentioned that this virus was for sale on criminal russian websites.
sr. member
Activity: 602
Merit: 252
This is just for those that haven't heard of this issue. It appears that the virus is from Russian hackers and it changes the send BTC address to their own.

The easiest way to prevent it is what most people do already which is to check the first 3 digits/letters and the last 3 and make sure they match.

Again, even though I had prior knowledge about this, thanks for the heads up. Everyone should definitely resort to double checking addresses before sending/receiving funds.

Are you referring to the virus that adjust your clipboard to when it detects that you copied a Bitcoin address? Or is this a new sort of malware that targets specific wallet clients?

Pretty sure it just copies the address provided by the malware host (creator) to clipboard instead of copying the actual address you highlighted and yes, it works based on some sort of detection algorithm i.e only when Bitcoin addresses are trying to be copied. It targets everything from web browsers to wallet clients using a formgrabber.
sr. member
Activity: 518
Merit: 268
Are you referring to the virus that adjust your clipboard to when it detects that you copied a Bitcoin address? Or is this a new sort of malware that targets specific wallet clients?
member
Activity: 126
Merit: 15
HodL!
This is just for those that haven't heard of this issue. It appears that the virus is from Russian hackers and it changes the send BTC address to their own.

The easiest way to prevent it is what most people do already which is to check the first 3 digits/letters and the last 3 and make sure they match.

Jump to: