Crypto-currencies' long wallet addresses are composed of random characters and nearly impossible to recall. A new strain of malware is taking advantage of this. Photo: iStock

As crypto-currencies try to gain traction so they can move closer toward the mainstream, malware – or malicious software – is becoming a more significant threat. Previously, the majority of crypto-related malware was designed to mine anonymous crypto coins after hijacking a computer. However, a new strain is emerging that has the potential to do even more damage.

To send and receive crypto-currencies’ lengthy wallet addresses, composed of random characters, need to be used. These are virtually impossible to remember for those without a photographic memory so in order to complete transactions many users copy and paste these long addresses using their Windows clipboard. A new strain of malware, that has been dubbed “CryptoCurrency Clipboard Hijackers”, is now taking advantage of this.

According to recent industry reports, this new strain of malware scans the clipboard application for crypto wallet addresses and replaces it with ones that belong to the hackers. If a user does not double check the address before sending a transaction, it will be sent to the rogue one and the newly purchased coin will be lost to the attackers.

Computer analysts at Bleeping Computer claim to have discovered a version of this clipboard malware that has been monitoring over 2.3 million crypto-currency addresses. The infection, that was discovered only last week, runs a malicious Windows library file – called d3dx11_31.dll – which uses a standard “rundll32.exe” component of the Windows operating system.

This malware infection, that enters a computer via a script called “All-Radio 4.27 Portable”, runs in the background and will continue to monitor crypto address copy-pasting unless the user has reliable and up-to-date anti-malware software running. Users are also advised to double check the wallet address before executing the transaction.

This so-called “cryptojacking”, along with Ransomware attacks, is according to Michigan State University research, now the biggest threat to computer user security. With a growing abundance of permanently connected IoT (Internet of Things) devices, it comes as no surprise that attackers are targeting these to mine or steal crypto-currency. Last month a new malware strain was discovered that infects smart TVs and Amazon Fire products to mine for digital currencies.

Apple customers, who are usually of the opinion that they are immune to such things, are not safe either. MacOS malware has been recently discovered targeting crypto-currency investors that use both the Slack and Discord chat platforms. Dubbed OSX.Dummy, the malware enables infected Macs to be opened up for remote code execution which essentially gives the attacker full control over the machine.

As virtual currencies increase in use and popularity, the ever advancing methods to pilfer them will no doubt follow.

Please contact us with feedback, news or stories:

One reply on “‘Clipboard malware’ monitoring millions of Bitcoin addresses”

Comments are closed.