Expert Finds Malware Affecting Cryptocurrency Is Gaining Traction Across USA
Scroll DownOn June 5, it was reported that a malware researcher who goes by the name of "Fumik0_" had found a fake website that is spreading cryptocurrency malware across the Internet.
The fake website is spoofing a popular site called Cryptohopper, which provides users with the ability to make automated digital currency trades. When people mistakenly go to the scam site, it automatically downloads an installer that displays the actual logo of Cryptohopper. If someone then unwittingly installs the program, the malware infects the computer.
Supposedly, the malware installs a trojan, which itself installs two other trojans. One of these trojans hijacks a user's clipboard, while the other mines for cryptocurrency. The two trojans then run continuously each and every minute.
The initial trojan further tries to steal sensitive data from the computer. This data includes cookies, payment data and user credentials. The trojan is said to attempt to access digital currency wallets, too, if they exist on the computer. The trojan afterward sends all this data to another server.
The clipboard hijacker is also used for stealing digital currency. It continually checks if the user has copied a cryptocurrency address into the clipboard. If this happens, it replaces this address with its own address, hoping that the user will then paste this address from the clipboard into a cryptocurrency transaction. The trojan reportedly has address substitutions for all the leading digital currencies.
Currently, one of these scam addresses has 33 Bitcoins in it, which is worth more than $250,000. Though it is not possible to know at this time how much of this currency, if any, came as a result of the trojan.
This is not the first time that this clipboard hijacker has been in the news. Just last the month, the same trojan was used in a scam perpetrated over YouTube. It tricked users into visiting a website that promised them a free Bitcoin generator. But instead of installing the generator, the site installed the trojan and tried to steal cryptocurrency from them.
Comments