Researchers from Kaspersky Lab have discovered a virus known as CryptoShuffler Trojan that steals cryptocurrencies from unsuspecting users’ wallets.
Cybercriminals have now begun targeting popular digital currencies such as bitcoin (BTC), monero (XMR), ethereum (ETH), DASH, and Zcash (ZEC). The CryptoShuffler virus dwells in a user’s computer memory and monitors their clipboard – a temporary data storage area used for cut and paste functions.
According to the Kaspersky Lab researchers, it is estimated that the cybercriminals have so far made away with more than 23 BTC worth about $172,000 at the current exchange rate. Furthermore, the hackers have stolen several thousand dollars from other wallets. It has taken the Trojan more than a year to steal that amount of money.
This, of course, is not surprising as it comes at a time when the bitcoin price has been soaring in the market. At the time of writing, the price of bitcoin was trading around $7,200.
How CryptoShuffler Works
Cryptocurrency theft began increasing in 2014. In late 2016, cryptocurrency theft was at its peak before it declined and reawakened in June 2017.
A statement released by Kaspersky Lab explained how the virus works,
“As soon as CryptoShuffler spots the address of a cryptocurrency wallet on the clipboard (it’s quite easy to distinguish these addresses by line length and specific characters), it replaces the address with another. As a result, the cryptocurrency transfer does indeed go through, and in the amount specified by the payer, only the recipient is not the pizzeria, but the intruders behind CryptoShuffler.”
Simply put, the CryptoShuffler creates a loophole on the unique multi-digit number with which a user needs to transfer coins to other users.
Most users copy and paste the wallet numbers into the destination address of the software used to make the transaction. Since the virus has been monitoring the user’s computer memory, the Trojan will then replace the user’s wallet and input one that’s owned by the CryptoShuffler creator. As such, the wallet number that ends up on the address line is not the one the user had initially intended to send coins to. The victim, therefore, ends up sending the money to the criminals unless one is keen and able to spot the sudden change in the wallet address.
However, the latter is usually hard to do since wallet addresses and multi-digit numbers in blockchain are difficult to remember.
How Bitcoin Owners Can Protect Themselves from the CryptoShuffler Malware
Most people use bitcoin as an investment. Losing part of your investment capital due to a malware is a hard blow to anyone. The easiest way for you to protect yourself is to double-check the wallet address you have keyed in after copying. Although it is tedious to check the multi-digit numbers, it is the best way to ensure your funds are safe.
The other option users have is to install antivirus’ that detect and eliminate malicious software from your laptop. One such software is the Kaspersky Safe Money Feature that scans for loopholes used by cybercriminals, continuously checks for malware, and protects the clipboard where all your sensitive data is stored during the copy and paste functions.
As cryptocurrencies continue to rise, certain risks will increase with them as Malware Analyst at Kaspersky Lab, Sergey Yunakovsky, notes,
“Cryptocurrency is not a far-off technology anymore. It is getting into our daily lives and actively spreading around the world, becoming more available for users, as well as a more appealing target for criminals. Lately, we’ve observed an increase in malware attacks targeting different types of cryptocurrencies, and we expect this trend to continue. So, users considering cryptocurrency investments at this time need to think about ensuring they have proper protection.”