Kaspersky Discovers CryptoShuffler Trojan Malware

Tuesday, 07/11/2017 | 07:14 GMT by Rachel McIntosh
  • The malware switches the copied address for the address of the wallet belonging to its creator.
Kaspersky Discovers CryptoShuffler Trojan Malware
Kaspersky Labs in Moscow (Reuters)

When we think of cryptocurrency hackers, it’s easy to imagine complex pieces of malware that worm their way into our computers using methods that only a computer scientist could understand. However, the reality of software that is designed to steal cryptocurrency is often quite different from this esoteric vision.

One such piece of malware, recently discovered by Kaspersky, has been designed to simply replace a wallet’s address with its own address in the device’s clipboard when an address has been copied. So-called “clipboard hijacking” attacks that redirect users to malicious websites and target online payment platforms are rather old hat at this point--that is, they have been around for some time.

Despite how old it is, this particular method of digital theft has not been used to target cryptocurrency on any serious level until recently. The simple method has been surprisingly successful; Kaspersky reported that the virus had managed to make off with nearly $140,000 worth of Bitcoin .

'CryptoShuffler' Hijacks Your Device’s Clipboard

The malware, called a CryptoShuffler Trojan, enters computers disguised as a harmless pieces of software downloaded from the internet. Once the malware is on a device, it analyses everything that the user copies until it recognizes a cryptocurrency wallet address.

The malware then switches out the copied address for the address of the wallet belonging to its creator. If the device’s user manages to catch the difference between the address they have copied and the address they have pasted, they may manage to avoid sending their funds irretrievably to the thief; if not, they are out of luck. Because crypto addresses are long strings of random characters, it is highly unlikely that someone who wasn’t specifically watching for this kind of attack would notice one happening.

The CryptoShuffler Trojans that Kaspersky have identified are being created to target big name coins like Ethereum , Bitcoin, and Monero.

Protecting Yourself and Your Coins

Kaspersky’s Sergey Yunakovsky, malware analyst, has said that the rising popularity of cryptocurrency makes it even more necessary for “users considering cryptocurrency investments at this time need to think about ensuring they have proper protection.”

Truly, as the world of cryptocurrency continues to grow, the threats to the safety of a user’s coins grow with it. To protect yourself, be sure to keep your antivirus software up-to-date, your passwords protected, and your coins as far offline as possible.

When we think of cryptocurrency hackers, it’s easy to imagine complex pieces of malware that worm their way into our computers using methods that only a computer scientist could understand. However, the reality of software that is designed to steal cryptocurrency is often quite different from this esoteric vision.

One such piece of malware, recently discovered by Kaspersky, has been designed to simply replace a wallet’s address with its own address in the device’s clipboard when an address has been copied. So-called “clipboard hijacking” attacks that redirect users to malicious websites and target online payment platforms are rather old hat at this point--that is, they have been around for some time.

Despite how old it is, this particular method of digital theft has not been used to target cryptocurrency on any serious level until recently. The simple method has been surprisingly successful; Kaspersky reported that the virus had managed to make off with nearly $140,000 worth of Bitcoin .

'CryptoShuffler' Hijacks Your Device’s Clipboard

The malware, called a CryptoShuffler Trojan, enters computers disguised as a harmless pieces of software downloaded from the internet. Once the malware is on a device, it analyses everything that the user copies until it recognizes a cryptocurrency wallet address.

The malware then switches out the copied address for the address of the wallet belonging to its creator. If the device’s user manages to catch the difference between the address they have copied and the address they have pasted, they may manage to avoid sending their funds irretrievably to the thief; if not, they are out of luck. Because crypto addresses are long strings of random characters, it is highly unlikely that someone who wasn’t specifically watching for this kind of attack would notice one happening.

The CryptoShuffler Trojans that Kaspersky have identified are being created to target big name coins like Ethereum , Bitcoin, and Monero.

Protecting Yourself and Your Coins

Kaspersky’s Sergey Yunakovsky, malware analyst, has said that the rising popularity of cryptocurrency makes it even more necessary for “users considering cryptocurrency investments at this time need to think about ensuring they have proper protection.”

Truly, as the world of cryptocurrency continues to grow, the threats to the safety of a user’s coins grow with it. To protect yourself, be sure to keep your antivirus software up-to-date, your passwords protected, and your coins as far offline as possible.

About the Author: Rachel McIntosh
Rachel McIntosh
  • 1509 Articles
  • 60 Followers
Rachel is a self-taught crypto geek and a passionate writer. She believes in the power that the written word has to educate, connect and empower individuals to make positive and powerful financial choices. She is the Podcast Host and a Cryptocurrency Editor at Finance Magnates.

More from the Author

CryptoCurrency