With the price of cryptocurrencies shooting up, the incidence of sophisticated malware and trojans has increased. The latest trojan, CryptoShuffler, has managed to steal Bitcoins worth $150,000 so far.
Simple modus operandi
The modus operandi of CryptoShuffler is very simple: it strikes when a user copies a Bitcoin address onto the clipboard, presumably to paste it into the destination address field of a wallet and send Bitcoins. CryptoShuffler then replaces the address in the clipboard with an address owned by the malware creator. Unless the user notices that the pasted address is different, the funds will be transferred to the malware creator. Given the irrevocable nature of Bitcoin transactions, the user has no way to retrieve the Bitcoins once the transaction is confirmed.
The malware targets not only Bitcoin users but also users of other cryptocurrencies such as Ethereum, ZCash, Monero, Dash and Dogecoin. The Bitcoin address linked to CryptoShuffler has received 23 Bitcoins so far, currently valued at $150,000. The Trojan has been active for over a year, with the first reported Bitcoin transaction to the malware creator's address occurring in September 2016. After a brief lull in its activity, the number of affected transactions has increased in the last few months.
Sergey Yunakovsky, malware analyst at Kaspersky Lab, writes about CryptoShuffler:
“Cryptocurrency is not a far-off technology anymore. Lately, we have observed an increase in malware attacks targeting different types of cryptocurrencies and we expect this trend to continue.”
Clipboard hijacking is not new: trojans have been known to use the same modus operandi with bank account numbers. However, CryptoShuffler seems to have been especially successful with this old strategy, lurking in the background of various computers.
“The malware described is a perfect example of a “rational” gain. The scheme of its operation is simple and effective: no access to pools, no network interaction, and no suspicious processor load.”
No alternative to security basics
The recent success of CryptoShuffler has shown that there are no shortcuts when taking care of computer security. Do not install any software from untrusted sources. If software is digitally signed, verify the signature before installing it. Keep your antivirus updated and a firewall in place. Store most of your cryptocurrencies in a cold wallet or a wallet which requires two-factor authentication. Always be alert when sending Bitcoins. Small precautions can go a long way in safeguarding your cryptocurrencies.