Kaspersky Lab discovers 'CryptoShuffler Trojan'; used to steal cryptocurrencies

Kaspersky Lab researchers have discovered “CryptoShuffler Trojan”, a new malware that cybercriminals are using to steal cryptocurrencies from a user’s wallet by replacing their address with its own in the devices. [caption id=“attachment_3378508” align=“alignleft” width=“380”] Cyber Security. Thinkstock[/caption] According to the Russia-based cybersecurity company, criminals are targeting popular cryptocurrencies such as **Bitcoin** , **Ethereum** , Zcash, Dash, Monero and others to steal 23 BTC (nearly $100,000). “Cryptocurrency is not a far-off technology anymore. Lately, we have observed an increase in malware attacks targeting different types of cryptocurrencies and we expect this trend to continue,” Sergey Yunakovsky, a malware analyst at Kaspersky Lab, said in a statement. In addition, experts have noticed that criminals were starting to use less advanced techniques and were spending less time and resources in this area. Clipboard hijacking attacks have been known for years, redirecting users to malicious websites and targeting online payments systems. In most cryptocurrencies, if a user wants to transfer crypto coins to another user, they need to know the recipient’s wallet ID – a unique multi-digit number. Here the CryptoShuffler exploits the system’s need to operate with these numbers. After initializing, the “CryptoShuffler Trojan” starts to monitor the device’s clipboard, utilised by users when making a payment. This involves copying wallets’ numbers and pasting them into the “destination address” line of the software that is used to carry out a transaction. The Trojan replaces the user’s wallet with one owned by the malware creator, meaning when the user pastes the wallet ID to the destination address line, it is not the address they originally intended to send money to. As a result, the victim transfers his or her money directly to the criminals, unless an attentive user spots the sudden replacement.