Cybercriminals are leaving no stone unturned in their quest to illegally acquire Bitcoin. From hacking exchange platforms to ransomware as well as cryptojacking attacks, hackers adopt a multitude of sophisticated means to steal cryptocurrencies. Since 2017, cryptos have steadily become more valuable. A handful of some coins can fetch a hefty price in fiat currency.
Despite the growth in popularity of cryptocurrency around the world, most of its technology has remained unchanged since it emerged in 2009. Sending coins still requires the use of nigh-impossible to remember addresses. Thus, many users have formed the habit of copying and pasting addresses when sending cryptocurrencies. Reports suggest that hackers have discovered a way to exploit this habit and steal Bitcoins in the process.
Details of the Malware
Hackers know that many Bitcoin users elect to copy and paste Bitcoin addresses when sending and receiving BTC. So, they have created a computer malware – cryptocurrency clipboard hijacker. Usually, this malware monitor between 400,000 and 600,000 addresses at a time. However, Bleeping Computer has recently uncovered a clipboard hijacker that is monitoring more than 2.3 million Bitcoin addresses.
The address swapping virus was part of the All-Radio 4.27 Portable malware package. If a user unknowingly installed this infected program, a malicious DLL would be added to the person’s registry. This malicious DLL – d3dx11_31.dll creates an autorun program that works in the background, carrying out the swapping process.
How the Clipboard Hijacker Malware Works
This malware crawls through the windows clipboard environment looking to detect Bitcoin addresses. Once the malware recognizes a BTC address, it is swapped for another address owned by the hacker. It seems simple enough, but an attack of this nature can have devastating consequences since there is no way to undo a cryptocurrency transaction once concluded.
The user might remain none-the-wiser about the attack. Since the hackers aren’t stealing funds directly from the wallet, none of the available protective measures are likely to counter this exploit. The malware targets an aspect of the cryptocurrency ecosystem that many would argue is a security upgrade compared to mainstream network architecture.
In a way, difficult to memorize addresses can be a bad thing, as well as a good thing. If Bitcoin address were like email addresses, for example, it would be more difficult to pull off such an attack successfully.
How to Shield Your Bitcoin Transactions from Such Attacks
The first step to take would be to have an updated antivirus program capable of detecting the presence of such a malware program. The crypto clipboard hijacker runs in the background so its presence will likely not be apparent to the user.
The second step would be to always perform checks on addresses before clicking the “send” button. When carrying out a transaction, open notepad and paste the intended address into the program before pasting it the wallet application. After doing that, copy whatever address shows up and paste it back in the open notepad. Manually eyeball both addresses to see that they match. Repeat this step as many times as possible. There is no use being in haste and end up making a catastrophic blunder. You can complete the transaction when all the checks are completed.
What do you think about this latest cryptocurrency hacking threat? Do you have any other useful safeguards against such an attack? Let us know in the comment section below
Image courtesy of Bleeping Computer.
Discussion about this post