Russian cybersecurity company Kaspersky Lab said it has detected a new malware able to steal cryptocurrencies from users’ web wallets by replacing their address with that of its creator.
Cybercriminals are targeting digital currencies such as bitcoin, ethereum, zcash, dash, monero and others, according to the company. However, the maximum losses were borne by owners of bitcoin-wallets with nearly 23 bitcoins worth over $160,000 stolen. Sums stolen from other digital wallets are ranging from a few dollars to several thousand.
“Cryptocurrency is not a far-off technology anymore. Lately, we have observed an increase in malware attacks targeting different types of cryptocurrencies and we expect this trend to continue,” Sergey Yunakovsky, a malware analyst at Kaspersky Lab, said in a statement.
The new virus, named CryptoShuffler, activates itself when a targeted user attempts to transfer money from one wallet to another. The procedure requires the recipient’s wallet ID, which commonly consists of a long set of symbols and is impossible to memorize, making a user apply a copy-paste option.
The process involves copying wallets' numbers and pasting them into the “destination address” line of the software that is used to carry out a transaction. At that stage, CryptoShuffler starts to monitor the device's clipboard, utilized by a victim when making a payment.
The virus replaces the wallet with one owned by the creator, which means that a user pastes the wallet ID, not in the address they originally intended to send money to. As a result, a user transfers his or her money directly to cybercriminals, unless the user spots the sudden replacement.