The latest Cryptocurrency wallet Trojan, CryptoShuffler, can switch recipient addresses to redirect funds to the hackers’ accounts.
At the end of October, the prominent cybersecurity firm, Kaspersky Labs, released a press statement wherein they confirmed that they’ve discovered a new cryptocurrency wallet Trojan, known as CryptoShuffler. The Trojan is reported to be able to swap out recipient addresses with their own, by exploiting a wallets clipboard usage.
Clipboard exploitation has been around since the dawn of the crypto wallet, however, the CryptoShuffler Trojan is unique in that it is able to target specific wallet addresses.
Whenever a user wants to send money to a recipient address, the user’s clipboard saves the copied information, which the user can easily paste in the address. However, the latest Trojan has the ability to recognize the moment a user copies a new wallet address into their clipboard. Once the address has been recognized, the Trojan allows the hackers to switch the intended recipient address on their own.
Essentially the CryptoShuffler Trojan allows the hacker to redirect the funds away from the intended recipient address, and funnel the funds into their own addresses.
While the Trojan is only targeting Bitcoin for the moment, experts stated that there would be little difficulty involved in reconfiguring the Trojan to target other cryptocurrencies as well. To date, the responsible hackers have stolen just over 23 bitcoins with the malware.
During their press release, a malware analyst from Kaspersky Labs, Sergey Yunakovsky, noted that we are likely to see a remarkable increase in malware attacks which target cryptocurrencies and its service providers, especially since Bitcoin and its counterparts are being readily more accepted by the mainstream financial landscape. Yunakovksy added that cryptocurrency is not an abstract future technology anymore, but rather something relevant to several users’ daily lives. This, according to Yunakovksy will make cryptocurrency an increased target in the future.
Yunakovksy added that his firm, Kaspersky Labs, has witnessed a marked increase in malware attacks tailored to cryptocurrencies or cryptocurrency service providers. Kaspersky Labs predict that this trend is likely to continue and grow in the next few years. Yunakovksy warned users to use the latest attack as an opportunity to review the security measures they have in place to protect their cryptocurrency.
While there are no software security measures as of yet, users have been instructed to ensure that the address they want to send funds to, is the correct one. The Trojan only has the power to switch addresses, it cannot influence the transaction in any other way.
The cryptocurrency community has endured several malicious attacks in the last year alone.
North Korea has been making several headlines as of late as they have been actively launching attacks on three different cryptocurrency exchange platforms in South Korea which started in May this year. In addition, the state-backed North Korean hackers implemented malware such as “Hangman” and “Peachpit” against the targeted exchanges.
While it seems likely that North Korea is mainly trying to cause chaos in its neighboring country’s exchanges, experts have suggested a far more sinister reason behind the attacks. Many users and experts have pointed out that the onslaught of attacks could perhaps be North Korea’s attempt to evade the restrict sanctions placed upon the country.
The current inefficient security measures employed by the crypto community and its service providers have unfortunately made it an ideal and lucrative target for hackers.
The cybersecurity firm, Forcepoint, announced at the end of August that Coinbase fell victim to a Trickbot malware. In addition, the infamous WannaCry ransomware attack garnered attention earlier this year.
As hacking campaigns are likely to increase in frequency and severity, users are once again reminded to review their security measures and modify them if necessary.