It was only a matter of time before malware was found targeting Bitcoin and other cryptocurrencies. Now Kaspersky has found a Trojan that empties wallets.
Kaspersky Lab's experts have discovered Cryptoshuffler, a piece of malware that steals cryptocurrencies from wallets by replacing the wallet address with its own. According to the IT security firm, cybercriminals have so far been able to capture nearly $140,000, mostly in Bitcoin, as expected given how widespread Bitcoin wallets are. Other popular digital currencies such as Ethereum, Zcash, Dash and Monero are also targeted. For the latter, the cybersecurity experts also identified DiscordiaMiner, a new Trojan for mining cryptocurrency. In addition, spam emails about cryptocurrencies are currently in circulation.
Bitcoin: You should immediately delete these spam emails
In the third quarter, Kaspersky Lab malware detectors identified three cryptocurrency spam scams:
- Emails where users are invited to install special cryptocurrency trading software. The offered link leads to dubious business options.
- Emails that promise users interest when they deposit money into a special cryptocurrency wallet, which, of course, does not happen after the deposit has been made.
- Emails that provide users with information on cryptocurrencies and related profit options, such as workshops. Users are meant to believe that this is a serious offer and pay the workshop fee.
It is no surprise that organized crime is also targeting cryptocurrencies and their owners. After all, with Bitcoin prices rising ever higher, they have already become a topic of small talk and regulars' table conversation. Even users who do not necessarily have sufficient know-how in dealing with blockchain technology and investments are increasingly interested in Bitcoin and cryptocurrencies.
"Cryptocurrencies are no longer remote technology," said Sergey Yunakovsky, a malware analyst at Kaspersky Lab. "They are finding their way into our lives and spreading around the world, making them more accessible to users and more attractive to criminals. For some time now, we've seen an increase in malware attacks targeting various types of cryptocurrencies." The company expects this trend to continue and advocates caution: "Users considering investing in cryptocurrencies at this time should therefore think about whether they are protected accordingly."
Bitcoin wallet in danger: Cryptoshuffler hijacks wallet IDs
But what exactly happens? The Trojan Cryptoshuffler changes wallet addresses in the clipboard, the facility for short-term storage of data on the infected device. Such hijacking attacks on clipboards have been known for years. They redirect users to malicious websites and target online payment systems. After installation, Cryptoshuffler starts monitoring the clipboard, which users rely on when making a payment: wallet addresses are usually copied and then pasted into the "destination address" line of the software used to execute a transaction.
The Trojan replaces the wallet address the user copied with its own. So when the user pastes the wallet ID into the destination address line, it is no longer the address to which the money was originally meant to be sent. The victim sends money directly to the cybercriminals. The exchange in the clipboard takes place immediately thanks to a simple search for wallet addresses: most wallet addresses have a fixed position in the transaction line and always use a certain number of characters. In this way, intruders can easily create regular expressions to replace them.
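The clipboard swap described above can be spotted from the defender's side with the same kind of pattern matching. The following is an added example, not code from Kaspersky or from the original article: the address patterns are simplified public formats without checksum validation, and the sample addresses, timestamps and the one-second threshold are constructed assumptions.

```python
import re

# Simplified, publicly documented address shapes (assumption: no checksum check).
PATTERNS = {
    "bitcoin": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),  # legacy Base58
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def classify(text):
    """Return the currency whose address shape the whole string matches, else None."""
    value = text.strip()
    for name, pattern in PATTERNS.items():
        if pattern.fullmatch(value):
            return name
    return None

def find_swaps(snapshots, max_gap=1.0):
    """Flag clipboard changes where one address is replaced by a different
    address of the same currency within max_gap seconds, i.e. faster than a
    user would plausibly copy a second address by hand.
    snapshots: list of (timestamp_seconds, clipboard_text) in time order."""
    alerts = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        kind = classify(before)
        if (kind and kind == classify(after)
                and before.strip() != after.strip()
                and t1 - t0 <= max_gap):
            alerts.append({"time": t1, "currency": kind,
                           "copied": before.strip(), "now": after.strip()})
    return alerts

def safe_to_send(copied, pasted):
    """Pre-send check: the destination field must equal what the user copied."""
    return copied.strip() == pasted.strip()

# Constructed sample values: address-shaped placeholders, not real wallets.
ADDR_USER = "1" + "A" * 33
ADDR_OTHER = "1" + "B" * 33
ETH_A = "0x" + "a" * 40
ETH_B = "0x" + "b" * 40
SAMPLE = [
    (0.0, "meeting notes"),
    (5.0, ADDR_USER),    # user copies the payee's address
    (5.2, ADDR_OTHER),   # replaced 0.2 s later: flagged
    (60.0, ETH_A),
    (95.0, ETH_B),       # 35 s later: plausibly a deliberate second copy
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print("possible clipboard hijack:", alert)
```

Comparing the pasted destination with the address from the original source, as `safe_to_send` does, catches the swap even when no clipboard history is available.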
DiscordiaMiner mines the cryptocurrency Monero
In addition, the experts have found another Trojan called DiscordiaMiner, which targets the cryptocurrency Monero and was designed for uploading and executing files from a remote server. Incidentally, the exact names of the blocked malware are "Trojan-Banker.Win32.CryptoShuffler.gen" and "Trojan.Win32.DiscordiaMiner". In addition to security software that is always up to date, common sense is important. The spam methods described above are unlikely to pose a risk to many more sophisticated users. But not all users fall into this category. And so cybercriminals will probably find many more victims in the future.