As Core Media recently reported, a malware that’s been around since at least 2016, CryptoShuffler, recently launched a new campaign targeting cryptocurrency users in order to trick them into sending their funds to the attackers’ wallets.What CryptoShuffler does is sit idly on users’ computers while watching their clipboards, so it can spring into action once an address is copied onto it, and replace it with that of its admins. It affects various popular cryptocurrencies, including Bitcoin, Monero, Zcash, and Litecoin, and has netted its creators at least 23 BTC.
To protect yourself against the threat, it’s clear that paying attention is a must. To make sure you are sending your money to the correct address, always check the first and last digits of the entered address to make sure it’s the correct one. To be extra safe, check a few in the middle as well.
However, both CryptoShuffler’s admins and security experts know that often the normal process is to just copy and paste addresses, so special precautions need to be taken. Using popular antivirus and anti-malware systems may be a good way to start, although they may not detect every malicious program on your computer.
According to our research, anti-keylogging tools are the best way to escape CryptoShuffler or any other type of malware that attempts to take advantage of what you do with your clipboard. Two paid solutions we believe will do the trick are SpyShelter and Zemana Antimalware.
Both mentioned tools essentially encrypt typed information to ensure nothing gets out. Even if your anti-virus solution misses a keylogger or CryptoShuffler in your system, you won’t have to worry about it as apps will be barred from accessing your clipboard. Moreover, by encrypting the information all keylogger admins will receive is random, meaningless text, instead of your sensitive information.
If you believe paying for something that can be fixed just by paying attention isn’t worth it, ArsClip may also interest you. This clipboard management tools essentially lets you know what’s on your clipboard at all times and gives you advanced control over it. It may not be an anti-malware tool, but it’ll help.
As pointed out, cybercriminals are increasingly trying to get to your bitcoins. While Kaspersky Labs has pointed out that most cryptocurrency-related malware wallets often only earn $50-$100, others similar to CryptoShuffler may be out there. Always double-check your addresses, and make sure you’ve got things right.
Earlier this year, two fake Poloniex apps were found on Google Play, stealing user credentials to get to the funds they had in the exchange. A third one may still be out there. To stay safe, make sure services you use do have official apps, and always use 2FA.
Voice of experience
A user who’s previously been infected with similar malware shared his story with this piece’s author. According to the user, this type of trojans can easily cling onto your computer whenever you download dodgy software, and cybercriminals may try to put everywhere they can to infect as many users as possible.
He noticed his computer was infected after sending a BTC transaction and noticing it never got to its destination. After losing the money he started paying attention, and quickly wiped his computer clean and ran Malwarebytes afterward to get rid of the malware, but some damage had already been done. He cautioned the addresses the malware uses can be similar to those the funds were going to be sent to, stating:
“You can get these viruses from installing dodgy software. That includes pirated music and media. I would imagine hackers are introducing such Trojans to anything they can get people to download. You wouldn’t know unless you used BTC and paid attention. The one I caught even made the address seem very similar. So it looks the same at a glance when you paste.”