Kaspersky Lab discovers 'CryptoShuffler Trojan'; used to steal cryptocurrencies

Kaspersky Lab researchers have discovered "CryptoShuffler Trojan", a new malware that cybercriminals are using to steal cryptocurrencies from a user's wallet by replacing their address with its own in the devices.

Cyber Security. Thinkstock

Cyber Security. Thinkstock

According to the Russia-based cybersecurity company, criminals are targeting popular cryptocurrencies such as Bitcoin, Ethereum, Zcash, Dash, Monero and others to steal 23 BTC (nearly $100,000).

"Cryptocurrency is not a far-off technology anymore. Lately, we have observed an increase in malware attacks targeting different types of cryptocurrencies and we expect this trend to continue," Sergey Yunakovsky, a malware analyst at Kaspersky Lab, said in a statement.

In addition, experts have noticed that criminals were starting to use less advanced techniques and were spending less time and resources in this area.

Clipboard hijacking attacks have been known for years, redirecting users to malicious websites and targeting online payments systems.

In most cryptocurrencies, if a user wants to transfer crypto coins to another user, they need to know the recipient's wallet ID -- a unique multi-digit number. Here the CryptoShuffler exploits the system's need to operate with these numbers.

After initializing, the "CryptoShuffler Trojan" starts to monitor the device's clipboard, utilised by users when making a payment.

This involves copying wallets' numbers and pasting them into the "destination address" line of the software that is used to carry out a transaction.

The Trojan replaces the user's wallet with one owned by the malware creator, meaning when the user pastes the wallet ID to the destination address line, it is not the address they originally intended to send money to.

As a result, the victim transfers his or her money directly to the criminals, unless an attentive user spots the sudden replacement.


Published Date: Nov 01, 2017 20:22 PM | Updated Date: Nov 02, 2017 06:59 AM