Kaspersky Lab: Malware Stole $140,000 in Bitcoin

Announcements, Crime, News | November 8, 2017 By:

International software security group Kaspersky Lab recently discovered a new malware called CryptoShuffler Trojan. The new malware steals cryptocurrencies from a user’s wallet by replacing their address with its own in the device’s clipboard.

Kaspersky said CryptoShuffler Trojan enters computers disguised as a harmless pieces of software downloaded from the Internet. Once the malware is on a device, it analyses everything that the user copies until it recognizes a cryptocurrency wallet address. The Trojan then replaces the user’s wallet address with one owned by the malware creator. Therefore, when the user pastes the wallet ID to the destination address line, it is already not the address they originally intended to send money to and, as a result, the victim transfers their money directly to criminals.

The malware’s ability to replace a destination literally takes milliseconds because it’s so simple to search for wallet addresses – the majority of cryptocurrency wallet addresses have the same beginning and certain number of characters. Therefore, intruders can easily create regular codes to replace them.

Kaspersky claimed that the malware have already stolen 23 BTC, worth around $140,000, from wallets. The total amount stolen from other wallets range from a few dollars to several thousands. The creator of the malware has been operating for a year, targeting bitcoin, ethereum, Dash, Monero, Dash and other cryptocurrencies.

Kaspersky said that crypto users should to pay close attention during transactions, and always check the wallet number listed in the ‘destination address’ line against the one you are intending to send coins. Users should also be aware that there is a difference between an invalid address and an incorrect address: In the first case, the error will be detected and the transaction won’t be completed; in the latter, you will never see your money again.

“Cryptocurrency is not tomorrow’s technology anymore,” said Kaspersky Lab malware analyst Sergey Yunakovsky. “It is becoming part of our daily lives, actively spreading around the world, becoming more available for users, and a more appealing target for criminals. Lately, we’ve observed an increase in malware attacks targeted at different types of cryptocurrencies, and we expect this trend to continue. So users considering cryptocurrency investments should think about protecting their investments carefully.”