Cryptocurrency wallets are currently being targeted by the CryptoShuffler Trojan.
It is unclear who is behind the attack; however, $150,000 worth of Dash, Monero, Ethereum, Bitcoin and Zcash has been stolen.
CryptoShuffler has been around since 2016 while the latest campaign surfaced this past June.
The Trojan does not display a ransom message on infected devices; its goal is to stay discreet and avoid detection. It attacks wallets by replacing the user's legitimate address on the clipboard of the targeted device with its own.
According to researchers, “The malware described is a perfect example of a ‘rational’ gain. The scheme of its operation is simple and effective: no access to pools, no network interaction, and no suspicious processor load.”
The mechanism of CryptoShuffler is very straightforward: the wallet ID that the victim copies and pastes as the destination address in their transaction software is replaced with one belonging to the malware's creator. The wallet ID that ends up in the address line is therefore not the original one, so the money is transferred to the attacker. The replacement happens in milliseconds, making it easy for the attacker.
Users are advised to carefully monitor their transactions and to cross-check the wallet ID listed in the destination address line against the one the money is meant to be sent to.
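The swap described above leaves a recognizable trace: one wallet-shaped string on the clipboard replaced by a different one for the same currency within milliseconds. The following detection sketch is an added example, not code from the researchers or the original article. The address patterns are approximate shapes, and the `(time_ms, text)` snapshot format, the `window_ms` threshold and the sample data are assumptions constructed for illustration.

```python
import re

# Approximate address shapes (assumption: enough to classify, not to validate).
B58 = "[1-9A-HJ-NP-Za-km-z]"
ADDRESS_SHAPES = {
    "bitcoin": re.compile(rf"^[13]{B58}{{25,34}}$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "dash": re.compile(rf"^X{B58}{{33}}$"),
    "zcash": re.compile(rf"^t[13]{B58}{{33}}$"),
    "monero": re.compile(rf"^4{B58}{{94}}$"),
}

def norm(text):
    """Strip whitespace; hex addresses compare case-insensitively."""
    text = text.strip()
    return text.lower() if text.startswith("0x") else text

def coin_of(text):
    """Return the currency whose address shape matches text, or None."""
    for coin, shape in ADDRESS_SHAPES.items():
        if shape.match(text.strip()):
            return coin
    return None

def find_swaps(snapshots, window_ms=1000):
    """Flag clipboard changes where an address is replaced by a different
    address of the same currency faster than a person would re-copy."""
    alerts = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        coin = coin_of(before)
        if (coin and coin == coin_of(after)
                and norm(before) != norm(after) and t1 - t0 <= window_ms):
            alerts.append({"coin": coin, "at_ms": t1,
                           "copied": before, "now": after})
    return alerts

def paste_matches(intended, pasted):
    """The manual cross-check: destination field vs. intended address."""
    return norm(intended) == norm(pasted)

# Constructed clipboard snapshots (time in ms, clipboard text).
SAMPLE = [
    (0, "invoice #1042"),
    (5200, "0x" + "ab" * 20),   # user copies the payee's address
    (5240, "0x" + "cd" * 20),   # 40 ms later it is a different address
    (90000, "1" + "A" * 33),    # unrelated copy much later
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

The time window only catches fast replacements; `paste_matches` covers the remaining case by comparing the destination field with the address obtained from the payee.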