A new CryptoShuffler Trojan has been discovered that steals cryptocurrency from wallets by replacing the address with its own in the clipboard of the device, reported Kaspersky Lab, which discovered the malware.
Fraudsters using CryptoShuffler Trojan have already stolen 23 BTC, worth around $140,000, from wallets. The creator of the malware has been operating for a year, targeting bitcoin, Ethereum, Dash, Monero, Dash and other cryptocurrencies, according to Kaspersky Lab.
The "clipboard hijacking" technique has been witnessed previously, targeting online payment systems. Attacks on cryptocurrency are not common.
How It Works
The CryptoShuffler attacks commonly used transaction processes. The Trojan monitors the clipboard of the targeted victim's device. When making a payment, the owner of the infected device copies a recipient's wallet identification number and pastes it in the destination address line in the software they use to make the transaction. The victim doesn't know the Trojan replaces their wallet address with the one the malware owns.
When the victim pastes the wallet identification to the destination address line, they are not sending the money to the intended destination but to that of the fraudster. The process takes milliseconds.
Cryptocurrency users do not normally check their multi-digit numbers when making payments.
Sergey Yunakovsky, Kaspersky Lab's malware analyst, said people considering making cryptocurrency investments need to protect their investments carefully.