June 14, 2018 360 Total Security is new information for the users of cryptocurrencies, concerned about cryptogamia. The laboratory had discovered a new type of actively-spreading malware ClipboardWalletHijacker.
Trojan monitors the activity of the clipboard to detect the transaction of Bitcoin and Ethereum (ETH). Next, the malware replaces the recipient address to your own. This virus was found on more than 300,000 computers during the week.
The main function ClipboardWalletHijacker — periodic cycle, controlling the contents of the clipboard. If the content is an e-wallet Ethereum, it replaces the address on this “0x004D3416DA40338fAf9E772388A93faf5059bfd5”. At the moment, there were at least 46 successful transactions.
If the content is not address from Ethereum, ClipboardWalletHijacker will check whether it’s an address with bitcoins. The strategy of substitution shall be the date. If the current date is before the 8th day of the month, the Trojan replaces the address in the “19gdjoWaE8i9XPbWoDbixev99MvvXUSNzl”. This address has already leaked about 0,034 BTC. If the transaction is conducted after the 8-th number, it will use “1FoSfmjZJFqFSsD2cGXuccM9QMMa28Wrn1”. Malware is successfully intercepted almost 5 bitcoin transactions. Yet the highest amount of a transaction that was intercepted, is to 0.069 BTC, which is roughly equivalent to 500 US dollars .
It is highly recommended that users include the antivirus software when installing new applications.