According to the report, this Trojan is capable of stealing Bitcoins from wallets by using the operating system's clipboard. Does that sound weird? We will explain how it carries out the theft. When a Trojan reaches a computer, the usual steps are to achieve persistence on the system and then to listen for instructions coming from the control server. The one in question carries out part of this task, except for the last step. It is true that it maintains periodic contact with a control server. However, what it mainly does is watch the Windows clipboard for activity, waiting to detect "cut, paste" or "copy, paste" operations.

What's the point of all this? The explanation is very simple. Imagine for a moment that we are going to make a transaction and we want to enter the ID of a Bitcoin wallet. To avoid typing errors, the most recommended option is to copy and paste the string of characters. The threat takes advantage of this operation to "modify" the text that is in the clipboard. The purpose is simply to insert an address that belongs to a wallet owned by the cybercriminals. This means that, whatever transaction you make, the whole amount goes to the criminals' wallet. Using this technique, the cybercriminals have already managed to steal Bitcoins amounting to $150,000.
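As an added example (not code from the report or from this article), the Python sketch below shows the kind of paste-time check that catches the substitution described above: it compares what was copied with what was actually pasted and flags the case where one wallet-format string has been replaced by a different one of the same format. The address patterns are loose format checks that cover only Bitcoin and Ethereum, and the sample addresses and the event list are constructed.

```python
import re

# Loose format checks only (no checksum validation); two of the coins the article names.
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def classify(text):
    """Return the coin whose address format the text matches, else None."""
    candidate = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return coin
    return None

def check_paste(copied, pasted):
    """Compare what the user copied with what actually arrived on paste."""
    if copied.strip() == pasted.strip():
        return "match"
    src, dst = classify(copied), classify(pasted)
    if src and src == dst:
        # A different address of the same format: the pattern the article describes.
        return "address-substituted"
    return "changed"

def audit(events):
    """Walk (action, text) events and report pastes that differ from the last copy."""
    findings, last_copy = [], None
    for index, (action, text) in enumerate(events):
        if action == "copy":
            last_copy = text
        elif action == "paste" and last_copy is not None:
            verdict = check_paste(last_copy, text)
            if verdict != "match":
                findings.append((index, verdict, classify(text)))
    return findings

# Constructed sample values: they fit the formats above but are not real wallets.
BTC_COPIED = "1" + "A" * 33
BTC_SWAPPED = "1" + "B" * 33
ETH_COPIED = "0x" + "a" * 40
EVENTS = [
    ("copy", BTC_COPIED), ("paste", BTC_COPIED),       # normal copy and paste
    ("copy", BTC_COPIED), ("paste", BTC_SWAPPED),      # same format, different address
    ("copy", ETH_COPIED), ("paste", "meeting notes"),  # changed, but not to an address
]

if __name__ == "__main__":
    for finding in audit(EVENTS):
        print(finding)
```

The same comparison is what a user does by hand when re-reading the pasted address against the source before confirming a transaction.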
The origins of CryptoShuffler
Is it a new threat? No. Security experts have confirmed that the banking Trojan has its origin in 2016, although it was in the middle of this year when some security companies detected Internet activity related to CryptoShuffler. Security experts describe it as an almost perfect threat, as well as a practical one. It requires hardly any network activity and its arrival on the system is barely noticeable, quite the opposite of other threats, whose processes saturate the CPU and generate intense network activity. Why hack accounts belonging to Bitcoin wallets if I can intervene at the time of the transaction? That is what the owners of the threat must have thought.
Routes of distribution of this Trojan
It is not entirely clear what the main route of distribution is. Security experts indicate that there are only versions for computers running Windows operating systems. It has been detected in direct downloads from web pages, as an email attachment, and even distributed through social networks. The experts have already cataloged it as one of the most successful threats in terms of cryptocurrency theft. As a final point, note that not only Bitcoin wallets can be affected. Those belonging to Dogecoin, Litecoin, Dash, Ethereum, Monero and Zcash could also be affected.