The new CryptoShuffler malware is just the latest devastating exploit that cybercriminals are using to increase their crypto positions nefariously. The community must remain ever vigilant.
Kaspersky Labs Uncovers BTC-Nabbing CryptoShuffler
In an October 31 press release, Kaspersky Labs’ Massachusetts branch announced the discovery of CryptoShuffler, an insidious type of malware targeting crypto users’ transactions via clipboard apps.
Clipboard exploits are nothing new in the hacking world, but the CryptoShuffler Trojan is the first of its kind, in that it specifically targets crypto wallet addresses.
Clipboard apps store copied data so that users can paste this data thereafter. Alas, the CryptoShuffler identifies when users have copied a wallet address into their clipboard, and then swaps the address with the hacker’s own address, presuming that a crypto transaction is occurring.
In this sense, CryptoShuffler steps between transactions and diverts funds away from a user’s desired recipient address.
For now, the malware’s creators have instructed the trojan to target Bitcoin addresses specifically, though they could presumably reconfigure the malware to attack the addresses of any cryptocurrency. At press time, the hackers have stolen over 23 bitcoins using CryptoShuffler.
In the press release, Kaspersky Labs’ malware analyst Sergey Yunakovsky said attackers would only continue to attack the crypto space as mainstream adoption of cryptocurrencies continues: “Cryptocurrency is not a far-off technology anymore. It is getting into our daily lives and actively spreading around the world, becoming more available for users, as well as a more appealing target for criminals.”
“Lately we’ve observed an increase in malware attacks targeting different types of cryptocurrencies, and we expect this trend to continue. So, users considering cryptocurrency investments at this time need to think about ensuring they have proper protection.”
At present, users can best defend themselves from CryptoShuffler by double- and triple-checking which wallet address they’re sending funds to. CryptoShuffler only swaps out addresses; it doesn’t have the power to initiate transactions itself.
Exploits Growing in the Crypto Space
For as much adoption as the crypto community’s seen in 2017, it’s endured its fair share of malicious agents’ agendas, too.
North Korea, for one, has been ramping up its cryptocurrency-related cybercrimes in 2017, being responsible for a series of cyberattacks against three exchanges in South Korea since May. Specifically, North Korean hackers deployed “Hangman” and “Peachpit” malware against these exchanges.
On the one hand, North Korea is clearly and intentionally sowing discord in South Korea’s markets.
Alternatively, though, North Korea would greatly benefit from the numerous illicit possibilities that would come along with commandeering a crypto exchange—from draining users’ wallets to laundering illegal cash.
As it stands, the immature, somewhat lax nature of the space makes it an ideal soft target for both state actors like North Korea and smaller, non-state hacker consortiums alike.
Something of the latter kind apparently targeted Coinbase.com just weeks ago, as Forcepoint announced on August 29 that they’d discovered Trickbot malware was targeting Coinbase users’ wallets.
And of course, the WannaCry ransomware attack rose to infamy over summer 2017, as the malware encrypted users’ computers until a BTC ransom totaling $300 was paid.
If anything’s clear, then, it’s that blackhat hackers are turning their attention to the crypto craze just like the rest of us—a dynamic that won’t change anytime soon.