Security researchers from Kaspersky Lab have discovered the CryptoShuffler malware, which cybercriminals use to steal cryptocurrency by replacing the victim’s wallet address with their own on the infected device.
The malware sits idle on the victim’s machine, waiting for a Bitcoin transaction, and then substitutes any string that looks like a Bitcoin wallet address with the attackers’ address.
As a result, the victim transfers the funds directly to the cybercriminals unless an attentive user notices the sudden replacement.
According to the researchers:
“The Trojan begins by monitoring the infected device’s clipboard. Users utilize this software facility when making a payment: they copy a recipient’s wallet ID number and paste it into the “destination address” line in the software they are using to make their transaction. What they don’t know is that the Trojan then replaces the user’s wallet address with one owned by the malware creator.”
Substituting the destination takes only milliseconds because wallet addresses are very simple to search for: cryptocurrency wallet addresses have the same start and a specific number of characters.
Kaspersky Lab recommends that users pay close attention to transactions and always check the wallet address listed in the ‘destination address’ line.