
‘Clipboard malware’ monitoring millions of Bitcoin addresses


tao


A new malware strain can scan a computer's clipboard application for crypto wallet addresses and replace them with rogue ones that belong to hackers

 

As crypto-currencies try to gain traction so they can move closer toward the mainstream, malware – or malicious software – is becoming a more significant threat. Previously, the majority of crypto-related malware was designed to mine anonymous crypto coins after hijacking a computer. However, a new strain is emerging that has the potential to do even more damage.

 

To send and receive crypto-currencies, lengthy wallet addresses, composed of random characters, need to be used. These are virtually impossible to remember for those without a photographic memory, so in order to complete transactions many users copy and paste these long addresses using their Windows clipboard. A new strain of malware, that has been dubbed “CryptoCurrency Clipboard Hijackers”, is now taking advantage of this.

 

According to recent industry reports, this new strain of malware scans the clipboard application for crypto wallet addresses and replaces them with ones that belong to the hackers. If a user does not double check the address before sending a transaction, it will be sent to the rogue one and the newly purchased coin will be lost to the attackers.

 

Computer analysts at Bleeping Computer claim to have discovered a version of this clipboard malware that has been monitoring over 2.3 million crypto-currency addresses. The infection, that was discovered only last week, runs a malicious Windows library file – called d3dx11_31.dll – which uses a standard “rundll32.exe” component of the Windows operating system.

 

This malware infection, that enters a computer via a script called “All-Radio 4.27 Portable”, runs in the background and will continue to monitor crypto address copy-pasting unless the user has reliable and up-to-date anti-malware software running. Users are also advised to double check the wallet address before executing the transaction.

 

This so-called “cryptojacking”, along with ransomware attacks, is, according to Michigan State University research, now the biggest threat to computer user security. With a growing abundance of permanently connected IoT (Internet of Things) devices, it comes as no surprise that attackers are targeting these to mine or steal crypto-currency. Last month a new malware strain was discovered that infects smart TVs and Amazon Fire products to mine for digital currencies.

 

Apple customers, who are usually of the opinion that they are immune to such things, are not safe either. MacOS malware has been recently discovered targeting crypto-currency investors that use both the Slack and Discord chat platforms. Dubbed OSX.Dummy, the malware enables infected Macs to be opened up for remote code execution which essentially gives the attacker full control over the machine.

 

As virtual currencies increase in use and popularity, the ever advancing methods to pilfer them will no doubt follow.

 

< Here >
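A defender's view of the clipboard substitution described in the article, added here as an example and not part of the original post or of any vendor's tooling: it flags polling snapshots in which one valid Bitcoin address is replaced by a different one shortly after it was copied. The snapshot format, the one-second window and the function names are assumptions; the two addresses are widely published example addresses used as sample data.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDR_RE = re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$")

# Widely published example addresses, used here only as sample data.
COPIED = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
SWAPPED = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"   # stand-in for the rogue address


def is_btc_address(text):
    """True for a legacy Base58Check address (regex shape + valid checksum)."""
    text = text.strip()
    if not ADDR_RE.match(text):
        return False
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    try:
        raw = n.to_bytes(25, "big")   # version + 20-byte hash + 4-byte checksum
    except OverflowError:
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return digest[:4] == raw[-4:]


def find_swaps(snapshots, window=1.0):
    """Return (time, old, new) for each address replaced by another address
    within `window` seconds of first appearing on the clipboard."""
    alerts, prev, prev_t = [], None, 0.0
    for t, text in snapshots:
        text = text.strip()
        if text == prev:
            continue                   # clipboard unchanged since last poll
        if (prev is not None and t - prev_t <= window
                and is_btc_address(prev) and is_btc_address(text)):
            alerts.append((t, prev, text))
        prev, prev_t = text, t
    return alerts


# Constructed polling log: (seconds, clipboard text).
SAMPLE = [(0.0, "meeting notes"), (5.0, COPIED), (5.2, SWAPPED), (5.4, SWAPPED),
          (60.0, COPIED), (95.0, SWAPPED)]   # later changes are ordinary copies

if __name__ == "__main__":
    for t, old, new in find_swaps(SAMPLE):
        print(f"t={t}s: {old} replaced by {new}")
```

The substituted address passes the checksum just like the copied one, so address validation alone does not catch the swap; the signal is the change itself.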


As always my journalist friend with the latest news :D 

 

Oh, and Microsoft implemented a new feature in its Windows 10: Clipboard Menu :S ... Yeah that New Malware is "TOTALLY" unrelated to Microsoft ... 


4 minutes ago, Archanus said:

As always my journalist friend with the latest news :D 

 

Oh, and Microsoft implemented a new feature in its Windows 10: Clipboard Menu :S ... Yeah that New Malware is "TOTALLY" unrelated to Microsoft ... 

 

Correct, it is unrelated. The crypto here monitors the text copied to the clipboard and changes crypto strings on the fly; that isn't a new feature of Windows clipboard, it's a new attack vector.

 

 

 

 


38 minutes ago, Dodel said:

 

Correct, it is unrelated. The crypto here monitors the text copied to the clipboard and changes crypto strings on the fly; that isn't a new feature of Windows clipboard, it's a new attack vector.

 

Well, let's see how the antivirus company can face this :) 


1 hour ago, Kynyo said:

Could Malwarebytes be useful to protect against this kind of attack vector?

Yes, Malwarebytes should; if the malware is already known to vendors, it's not a zero-day anymore.

Quote

This malware infection, that enters a computer via a script called “All-Radio 4.27 Portable”, runs in the background and will continue to monitor crypto address copy-pasting unless the user has reliable and up-to-date anti-malware software running

 

There is other crypto-mining malware in the wild right now that doesn't care if you're running something, and whatever you use will have to delete it. Like the trustedinstaller.exe crypto-mining malware, for example: it adds itself to Windows startup and is disguised to look like part of Windows updates.

 

TrustedInstaller.exe 45 / 67: you catch this one using Kodi via a URL.

https://www.virustotal.com/en/file/ed9354b5700072b75f0bc1a7abac57dca903d2f0f9980e24d4c6ec7c476701e2/analysis/

 

Malwarebytes still doesn't even detect this one; better off using a real antivirus. So Malwarebytes doesn't seem so reliable for these types of malware. :)

 

All-Radio 4.27 Portable is spread through warez downloads.

Quote

 

How was All-Radio 4.27 Portable installed on my Computer?

Victims are reporting that they are being infected by All-Radio 4.27 through software cracks for games, applications, and Windows. Some have specifically stated that the KMSpico Windows and Office license activation crack has been installing this infection.

 

https://www.bleepingcomputer.com/virus-removal/remove-all-radio-4.27-portable-infection

 

Different ones have kept making their rounds on Windows for like a year now to mine crypto. Last year antiviruses were not even detecting them like they are now, and people were having to reformat to get rid of them.

https://old.reddit.com/r/pcgaming/comments/6dx2ro/keep_your_eyes_out_for_bitcoin_miners_windows_r/di6n9az/

 


Archived

This topic is now archived and is closed to further replies.
