According to reports from tech support website, Bleeping Computer, there is new Clipboard malware that attacks cryptocurrency users. The malware gains control of bitcoin addresses by monitoring and swapping them out whenever they are copied to Windows clipboard. The report further shows that the clipboard malware is already monitoring over two million targets.
How Hackers Manipulate Bitcoin Addresses Using Clipboard Hijacker Malware
The malware, known as Cryptocurrency Clipboard Hijackers, is phishing and replacing crypto addresses with a new one which is usually manipulated. All the digital assets transferred to the cloned address will be received and managed by cyber hackers.
The malware secretly takes control of memory, while running in the system background to ensure that users do not notice it is working. The clipboard hijacker malware later swaps the Bitcoin address copied into the windows clipboard by the user with another address from the attacker. The user then falls victim by unknowingly pasting and sending their digital assets to the hacker’s address.
With Africa, Asia and other regions showing an increasing interest in using and exploring digital currencies, people’s awareness of Bitcoin (BTC) and other cryptocurrencies has rapidly grown over the past few years, and more people are now mindful of virtual currencies. In the light of this, the tech expert has warned crypto users to double-check the addresses generated for transactions before going on to complete the exchanges. The owner of Bleeping Computer, Lawrence Abrahams, noted that:
”This type of malware, called Cryptocurrency Clipboard Hijackers, works by monitoring the Windows clipboard for cryptocurrency addresses, and if one is detected, will swap it out with an address that they control.”
Apart from double-checking the recipient bitcoin address during transactions, cryptocurrency users are also advised to keep updating their antivirus software, as it is users’ primary defense against such malware attacks. Mr. Abrahams, who also happens to be a software analyst and computer forensics cautioned that: “Therefore it is important to always have an updated antivirus solution installed to protect you from these types of threats. It is also very important that all cryptocurrency users to double-check any addresses that they are sending crypto coins to before they actually send them.”
Mr. Abrahams added that the infection was part of the “All-Radio 4.27 Portable malware package” that Bleeping Computer distributed recently. “When installed, a DLL named d3dx11_31.dll will be downloaded to the Windows Temp folder and an autorun called “DirectX 11” will be created to run the DLL when a user logs into the computer.”