Hackers Stole Over $150,000 From Zcash, Ethereum, and Bitcoin Wallets
An anonymous group of hackers has begun to target Bitcoin, ZCash, Ethereum, and Monero wallets with malware known as CryptoShuffler, successfully stealing $150,000 from user wallets within the past few months.
CryptoShuffler is a type of malware which infects computers and mobile phones through phishing attacks in the form of emails, attachments, and messages. Once CryptoShuffler penetrates a system, it idly operates behind the scenes, waiting to detect a cryptocurrency wallet address on the clipboard. Once the user copies and pastes a cryptocurrency wallet address, for instance a bitcoin address, the CryptoShuffler malware automatically alters the bitcoin address on the clipboard to the wallet address of CryptoShuffler.
For the victims, it is difficult to spot the sudden alteration in the address because the CryptoShuffler malware has tens of thousands of addresses in its system. Using its algorithm, it chooses the address from its pool that is the most similar to the victim’s address, and replaces the victim’s address with one of its addresses, rerouting the funds to the hacking group’s cryptocurrency wallets.
It is also challenging to detect and remove the CryptoShuffler malware or any type of cryptocurrency-targeting malware of its kind because they operate idly within the operating system. In most cases, even a full format or factory reset will not remove the malware. A clean wipe out of the hard drives is necessary.
While it is hard to spot and eliminate the malware once it penetrates an operating system, it is not difficult to prevent any type of cryptocurrency wallet-targeting malware of entering the system. Usually, these types of malware can only be installed into devices through external phishing attacks and downloads of attachments, files, and images. Hence, in addition to enabling antivirus software, it is important to verify the files that are downloaded to the device to ensure that they do not contain any malware.
Also, another way of preventing the reallocation of funds from occurring is to double check the cryptocurrency wallet address that is inputted. Because CryptoShuffler automatically changes the address once it hits the clipboard, a safe approach is to confirm the address that was copied and pasted and whether it matches the address of the recipient.
An Ethereum user with the online alias “Apneal” once was a victim to the CryptoShuffler malware. When Apneal sent a couple of small transactions in Ether from MyEtherWallet, Apneal noticed that the transactions did not arrive in the recipients wallet after many hours. Apneal later discovered that the clipboard automatically changed the address once copied and pasted, rerouting the Ether transactions.
I am completely new to Steemit, so my upvote means nothing, but i upvoted you anyway. It is very well written, and very informative. I didn't know about this issue, but i'll definitively be more aware of this in the future. Kinda scary, but it is logically that such a scam would be made.
Thank you for those kind words. It means a lot to me. Hope you will do well in this crypto journey and make sure to be safe and avoid scams.