The euphoria of "mining" conquers the cyber world, with many users taking advantage of this trend to generate digital money. If you have not adopted it yet. you may soon be joining those who have realized that digital coins are the new gold ...

But imagine, you become the owner of an online mining farm. Invest more in its maintenance, including in electricity costs, and start generating digital money every day. What's next? You'll probably want to spend your earnings, convert your coins to real money, or transfer them into a digital wallet ...

Once transactions are confirmed, what happens if money goes elsewhere? Due to the fact that the crypt-coin market is unregulated and decentralized, there are no chances to recover money. And if this happened, your PC is likely to have been infected with malware. Kaspersky Lab has found that the number of digital money thieves is on the rise.

The crypt-coin thieves were detected for the first time a few years ago. But after the recent boom of digital coins in global markets, they are coming back and again threatening users' savings. Kaspersky Lab researchers have discovered a new type of malware, the CryptoShuffler Trojan. This program was created specifically for the theft of crypto-coins and attacks users when they give "copy-paste" to the numbers of their digital wallets during payment transactions.

So-called "clipboard theft" attacks have been previously encountered, targeting online payment systems. However, experts believe that, at present, cases involving crypt-coins are rare.

According to Kaspersky Lab, the creator of a CryptoShuffler Trojan has been operating for over a year and is targeting a wide range of the most popular digital coins such as Bitcoin, Ethereum, Zcash, Dash, Monero and others. The culmination of the offender's activity was at the end of last year, followed by a quiet period, which lasted until June 2017. Until now, criminals have already managed to acquire 23 BTC from Bitcoin wallets, equivalent to nearly $ 140,000 . Total amounts stolen from other types of wallets range from a few dollars to a few thousand.

For most crypt coins, if a user wants to transfer money, they need to know the recipient's wallet ID - a unique number.

The

CryptoShuffler

mechanism is very simple and efficient. After installation, the trojan starts to monitor the clipboard of the infected device. Users use this feature when making a payment: they copy the wallet numbers and insert them into the "destination address" field of the program used to make the transaction. But the trojan replaces the user's wallet address with that of the malware creator. Therefore, when the user inserts the wallet ID next to the destination address, this is not the address to which he intends to send the money. Thus, the victim transfers the money directly to offenders, only the most alert users observing the change.

Destination change literally takes a few milliseconds. This is possible because the wallet addresses are easy to find, most of them having the same digits at the beginning and the same number of characters. Thus, offenders can constantly create codes to replace real ones.

With this trick, criminals take advantage of the lack of attention of users. When making a payment, they typically do not check the figures. In addition, blockchain wallet addresses are complicated and very difficult to keep in mind. Users do not pay enough attention to checking the transaction, even if the figures are in front of them, and a small change might cost them on their own.

Crypto-coins are no longer the technology of the future, but of the present. It is spreading throughout the world, becoming more and more readily available to users, but also an increasingly attractive target for offenders, "said Sergey Yunakovsky, malware analyst at Kaspersky Lab. "Lately, we have seen an increase in malware attacks targeting different types of cripto-coins, and we expect this trend to continue. Therefore, users who consider investing in crypt-coins should also protect them carefully. "

The CryptoShuffler Trojan is not the only malware that hunts savings in crypt-coins. After the latest report on mining botnets, experts have found another Trojan that uses the Monero crypto-coin, DiscordiaMiner. It was created to upload and execute files from a remote server. According to the research, there are some similarities in NukeBot Trojan mode, discovered this year.

How do you protect yourself from malware that leaves you bitterly

A simple and handy way to protect yourself is to take great care during transactions and always check the wallet number passed to the recipient compared to where you intend to send the money. Also, you should be aware that there is a difference between a non-existing address and an incorrect one. In the first case, the error will be detected and the transaction will not occur. In the second, the money will disappear.

Another way of protection is to install a security solution like Safe Money, available in Kaspersky Lab's flagship solutions. It scans the system, looking for vulnerabilities known to be exploited by cyber criminals, constantly checks whether there is specialized malware and protects transactions against any intrusion with Protected Browser technology. Furthermore, it protects the clipboard, where important data can be stored during copy / paste operations.

Kaspersky Lab products detect and block malware with the following names:

Trojan Banker.Win32.CryptoShuffler.gen
Trojan.Win32.DiscordiaMiner