Kaspersky Lab researchers have discovered "CryptoShuffler Trojan", a new malware cyber criminals are using to steal crypto-currencies from a user's wallet by replacing their address with its own in the devices. The malware is designed to change the addresses of users' crypto-currency wallets in the infected device's clipboard (a software facility used for short-term data storage), it adds.
Clipboard hijacking attacks have been known for years, redirecting users to malicious Web sites and targeting online payments systems, says Kaspersky Lab. However, cases involving a crypto-currency host address are rare, it adds.
The company says cyber criminals are targeting popular crypto-currencies such as Bitcoin, Ethereum, Zcash, Dash and Monero.
In most crypto-currencies, if the user wants to transfer crypto coins to another user, they need to know the recipient's wallet ID - a unique multi-digit number. Here is how the CryptoShuffler exploits the system's need to operate with these numbers.
The criminals behind the CryptoShuffler Trojan have mostly succeeded in attacks against Bitcoin wallets, says Kaspersky Lab. They were able to steal 23 BTC, which is equivalent to almost $140 000, it adds.
"Crypto-currency is not a far-off technology anymore. It is getting into our daily lives and actively spreading around the world, becoming more available for users, as well as a more appealing target for criminals, says Sergey Yunakovsky, malware analyst at Kaspersky Lab.
"Lately we've observed an increase in malware attacks targeting different types of crypto-currencies, and we expect this trend to continue. So, users considering crypto-currency investments at this time need to think about ensuring they have proper protection", says Sergey Yunakovsky, malware analyst at Kaspersky Lab.
Also, experts have also found another Trojan targeting the Monero crypto-currency - DiscordiaMiner, which is designed to upload and run files from a remote server.
According to the research, there are some performance similarities with the NukeBot Trojan, discovered earlier this year. As in the NukeBot case, the Trojan's source codes have been shared on underground hacking forums, it adds.
Kaspersky Lab researchers have already seen a rise of miners, which have affected thousands of computers and generated hundreds of thousands of dollars.
In addition, experts have noticed that criminals are starting to use less advanced techniques and are spending less time and resources in this area. According to the research, crypto-currency stealers - which have been increasing in prevalence since 2014, are again putting users' crypto savings at risk.
Share