The Massachusetts branch of the cybersecurity firm Kaspersky Lab released a press statement towards the end of last month confirming its discovery of a new wallet Trojan, CryptoShuffler.
The Trojan exploits cryptocurrencies’ reliance on clipboards when conducting transactions, which allows hackers to redirect funds to their own wallet addresses.
Hacking campaigns which target cryptocurrency wallets have become increasingly popular since cryptocurrencies began entering the mainstream. However, what makes CryptoShuffler particularly damaging is the fact that it targets specific wallet addresses.
Clipboards play a vital part in crypto wallet transactions. The clipboard stores the copied address data, which the wallet owner can use afterward. However, CryptoShuffler found a way to exploit this mechanism. Once a user copies an address into their clipboard, the CryptoShuffler Trojan swaps out the copied wallet address for the hacker's own.
This means that the subsequent wallet transactions will be redirected to the hacker’s own wallet instead of the user’s intended receiving address.
Currently, the Trojan targets only Bitcoin. However, it could likely be reconfigured to target other cryptocurrencies. To date, the hackers responsible have managed to steal over 23 Bitcoins using the Trojan.
In the press release, Kaspersky Lab malware analyst Sergey Yunakovsky noted that cryptocurrencies will unfortunately become increasingly targeted in the future as they become more popular and more widely accepted within the financial landscape. Yunakovsky added that cryptocurrency would, unfortunately, remain an irresistible target for hackers.
Yunakovsky's assertion is supported by Kaspersky's observation of a definite increase in hacking campaigns which target cryptocurrencies. This trend is only likely to grow as cryptocurrencies become increasingly popular. Yunakovsky emphasized that all cryptocurrency users should, instead of being discouraged, take the time to review their security measures.
So far, the only defense against CryptoShuffler is to double check several times whether the receiving address is the correct one. While CryptoShuffler can swap addresses, the Trojan is unable to engage in transactions.
This last year alone has witnessed several cybercrimes which targeted cryptocurrencies and their service providers.
North Korea was discovered to be responsible for hacking three of South Korea’s most significant cryptocurrency exchanges since May of this year. Also, the presumably state-backed hackers launched several malware campaigns against the exchanges, including “Hangman” and “Peachpit.”
Experts have posited that North Korea’s hacking campaigns could be launched to cause chaos and instability in its neighbor’s market. However, a more troubling possibility is that North Korea could actively be seeking to generate funds using cryptocurrency to keep funding its nuclear weapons program.
Unfortunately, most cryptocurrency service providers, such as wallets, are ripe for hacking as most platforms and services are still in their infancy, and therefore easy targets for hackers.
According to Forcepoint, the crypto wallet provider, Coinbase, also experienced an attack a few weeks ago. Reports confirmed that malware, known as Trickbot, was actively targeting Coinbase users’ wallets.
This past summer also saw a landmark hacking campaign, WannaCry, which employed malware to encrypt victims’ computers and required a ransom of $300 worth of Bitcoin before they could be decrypted.
With cryptocurrency’s rising popularity, it seems unlikely that hackers will be diverted from this lucrative industry anytime soon. Most experts echoed Yunakovsky’s advice and suggested users employ vigilance when it comes to their cryptocurrency transactions.