tao Posted July 2, 2018 Share Posted July 2, 2018 A new malware strain can scan a computer's clipboard application for crypto wallet addresses and replaces it with rogue ones that belong to hackers As crypto-currencies try to gain traction so they can move closer toward the mainstream, malware – or malicious software – is becoming a more significant threat. Previously, the majority of crypto-related malware was designed to mine anonymous crypto coins after hijacking a computer. However, a new strain is emerging that has the potential to do even more damage. To send and receive crypto-currencies’ lengthy wallet addresses, composed of random characters, need to be used. These are virtually impossible to remember for those without a photographic memory so in order to complete transactions many users copy and paste these long addresses using their Windows clipboard. A new strain of malware, that has been dubbed “CryptoCurrency Clipboard Hijackers”, is now taking advantage of this. According to recent industry reports, this new strain of malware scans the clipboard application for crypto wallet addresses and replaces it with ones that belong to the hackers. If a user does not double check the address before sending a transaction, it will be sent to the rogue one and the newly purchased coin will be lost to the attackers. Computer analysts at Bleeping Computer claim to have discovered a version of this clipboard malware that has been monitoring over 2.3 million crypto-currency addresses. The infection, that was discovered only last week, runs a malicious Windows library file – called d3dx11_31.dll – which uses a standard “rundll32.exe” component of the Windows operating system. This malware infection, that enters a computer via a script called “All-Radio 4.27 Portable”, runs in the background and will continue to monitor crypto address copy-pasting unless the user has reliable and up-to-date anti-malware software running. Users are also advised to double check the wallet address before executing the transaction. This so-called “cryptojacking”, along with Ransomware attacks, is according to Michigan State University research, now the biggest threat to computer user security. With a growing abundance of permanently connected IoT (Internet of Things) devices, it comes as no surprise that attackers are targeting these to mine or steal crypto-currency. Last month a new malware strain was discovered that infects smart TVs and Amazon Fire products to mine for digital currencies. Apple customers, who are usually of the opinion that they are immune to such things, are not safe either. MacOS malware has been recently discovered targeting crypto-currency investors that use both the Slack and Discord chat platforms. Dubbed OSX.Dummy, the malware enables infected Macs to be opened up for remote code execution which essentially gives the attacker full control over the machine. As virtual currencies increase in use and popularity, the ever advancing methods to pilfer them will no doubt follow. < Here > Link to comment Share on other sites More sharing options...
Archanus Posted July 3, 2018 Share Posted July 3, 2018 As always my journalist friend with the latest news Oh, and Microsoft implemented a new features in his Windows 10: Clipboard Menu :S ... Yeah that New Malware is "TOTALLY" unreleated to Microsoft ... Link to comment Share on other sites More sharing options...
Dodel Posted July 3, 2018 Share Posted July 3, 2018 4 minutes ago, Archanus said: As always my journalist friend with the latest news Oh, and Microsoft implemented a new features in his Windows 10: Clipboard Menu :S ... Yeah that New Malware is "TOTALLY" unreleated to Microsoft ... Correct it is unrelated, The crypto here, monitors the text copied to the clipboard and changes crypto strings on the fly, that isn't a new feature of Windows clipboard, it's a new attack vector. Link to comment Share on other sites More sharing options...
Archanus Posted July 3, 2018 Share Posted July 3, 2018 38 minutes ago, Dodel said: Correct it is unrelated, The crypto here, monitors the text copied to the clipboard and changes crypto strings on the fly, that isn't a new feature of Windows clipboard, it's a new attack vector. Well, let's see how the antivirus company can face this Link to comment Share on other sites More sharing options...
Kynyo Posted July 3, 2018 Share Posted July 3, 2018 Malwarebytes could be useful to protect on this kind of attack vectors? Link to comment Share on other sites More sharing options...
steven36 Posted July 3, 2018 Share Posted July 3, 2018 1 hour ago, Kynyo said: Malwarebytes could be useful to protect on this kind of attack vectors? Yes Malwarebytes should, if the malware is already known to vendors it's not a zeroday anymore. Quote This malware infection, that enters a computer via a script called “All-Radio 4.27 Portable”, runs in the background and will continue to monitor crypto address copy-pasting unless the user has reliable and up-to-date anti-malware software running there is other Crypto mining malware in the wild right now that don't care if you're running something and what ever you use will have to delete it. Like trustedinstaller.exe Crypto mining malware for example it adds itself to windows startup and is disgusted to look like part of windows updates. TrustedInstaller.exe 45 / 67 you catch this one using kodi via a url . https://www.virustotal.com/en/file/ed9354b5700072b75f0bc1a7abac57dca903d2f0f9980e24d4c6ec7c476701e2/analysis/ Malwarebytes still don't even detect this one better off to use a real antivirus . So Malwarebytes dont seem so reliable for these type of malwares . All-Radio 4.27 Portable is spread trough warez downloads . Quote How was All-Radio 4.27 Portable installed on my Computer? Victims are reporting that they are being infected by All-Radio 4.27 through software cracks for games, applications, and Windows. Some have specifically stated that the KMSpico Windows and Office license activation crack has been installing this infection. https://www.bleepingcomputer.com/virus-removal/remove-all-radio-4.27-portable-infection Different ones keep making its rounds on widows for like a year now to mine crytro last year antivirus were not even detecting them like they are now and people were having to reformat too git rid of them https://old.reddit.com/r/pcgaming/comments/6dx2ro/keep_your_eyes_out_for_bitcoin_miners_windows_r/di6n9az/ Link to comment Share on other sites More sharing options...
Dodel Posted July 3, 2018 Share Posted July 3, 2018 Remove the d3dx11_31.dll or Services DirectX Driver Clipboard Hijacker :- https://www.bleepingcomputer.com/virus-removal/remove-services-directx-driver-d3dx11_31.dll-clipboard-hijacker Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.