The IT security researchers at Qihoo 360 Total Security have discovered a new malware aiming at stealing cryptocurrencies, including Bitcoin and Ethereum, from the computer system of unsuspected users. Dubbed ClipboardWalletHijacker by researchers; the malware is targeting at Windows-based devices and is currently installed on over 300,000 devices.
As indicated by its name the malware monitors clipboard activity to identify what kind of cryptocurrencies the victim has stored in their wallet – In case the malware finds Bitcoin and Ethereum addresses it replaces them with the one used by cybercriminals behind the campaign.
So far ClipboardWalletHijacker has stolen over 5 Bitcoin while its last activity was detected on June 12th, 2018, indicating that malware is still active and stealing funds.
Recently, we have found that a lot of CryptoMiner Trojans are using this technique to steal victims’ cryptocurrencies. “We strongly recommend users to enable antivirus software while installing new applications”, said the company in their blog post.
ClipboardWalletHijacker’s ability to replace wallet address by monitoring clipboard activity is not new, previously, CryptoShuffler Trojan was found following the same method to steal mainstream cryptocurrencies including Dash, Monero, Ethereum, Bitcoin, and Zcash, etc.
In March this year, researchers spotted ComboJack malware which is actively stealing cryptocurrency by modifying victims addresses. Moreover, Evrial and Coinbitclip trojan was also caught monitoring clipboard activities of their victims to steal funds by replacing their wallet addresses.
If you are investing in cryptocurrency make sure your system is secure and funds are properly protected. Additionally, cryptocurrency users are advised to avoid using online wallets to store their funds and move to hardware wallets. Here is a list of 5 secure Bitcoin wallets which you can trust.
In January this year, researchers warned Internet proxy users to watch out for Tor Proxy since its owners were found replacing Bitcoin payment addresses to divert payments from ransomware victims to their own wallets.