A crypto Trojan is stealing Bitcoin transactions from the clipboard and has already gifted its developers over $150,000.
The experts from Kaspersky Lab have discovered a Trojan called “CryptoShuffler” that steals Bitcoins and other crypto currencies from the infected computer’s clipboard. The amounts stolen thus far range from a couple of thousand to several thousand dollars.
The mechanism of “CryptoShuffler” is simple but effective, and uses the common transaction processes of most crypto currency users.
Payment over the Internet using crypto currency is growing exponentially and will soon form part of our everyday lives. Consider this scenario: You order a pizza over the website of your local Italian and want to pay for it using the Internet currency, Bitcoin. You copy the recipient’s ID number, enter the desired amount, fill in the “Destination Address” line in the software that you use to complete your transaction, and confirm the transaction. The transfer is made, but the pizza doesn’t arrive. Itâs not the pizzeria who is to blame; itâs the Trojan-Banker.Win32.CryptoShuffler.gen, alias âCryptoShufflerâ.
The Trojan “CryptoShuffler” had already hit its peak in 2016, but in June 2017, Kaspersky Lab’s experts discovered a new campaign, this time targeting the Internet currency Bitcoin, with Ethereum, Zcash, Monero, Dash, Dogecoin also coming into the sights of this malware.
In general, the malware on infected computers and smartphones behaves inconspicuously in the background, but observes all activities of the user’s clipboard. If the malware detects a string that looks like a Bitcoin wallet (a crypto transfer), for example, the address is replaced by one belonging to the criminals. This means that the crypto transaction is actually carried out, but instead of being sent to the desired addressee, the Internet dollars are transferred directly to the criminals.
According to Kaspersky: “Most crypto wallet addresses have the same beginning and a certain number of characters, so â within a matter of milliseconds â it is easy for âCryptoShufflerâ to replace this string with its own wallet addresses.â
Measures that can be taken before your computer becomes infected with “CryptoShuffler”
Botfrei.de: The Trojan (Trojan-Banker.Win32.CryptoShuffler.gen) is recognized by most current antivirus protection systems!
- It is more important than ever to make regular backups of your important data and to keep these separate from the computer. Have a look at the free EaseUS Todo Backup. Or read here about how to back up files via Windows.
- Disable Macros in Office and load documents from trusted sources only! Good to know: Macro infections cannot function in alternative office applications such as Libre-Office.
- Check your computer with Botfrei.deâs free EU-Cleaners.
- Protect your computer from infection by always keeping the system up to date! Install anti-virus and security patches in a timely manner.
- Change the Windows default setting that hides the file extensions.
- Apply caution when opening unknown emails. Do not click on integrated links and never open unknown attachments.
- Do you still work on your computer with admin rights? Change the permissions to a minimum for your daily work and set up User Account Control (UAC) for executable programs.
- Always use professional anti-virus software, even when you work with a Mac.
