Hackers have developed malware to steal passwords and identifiers stored in the clipboard of their victims. Thanks to the data collected, these hackers were able to seize a jackpot of $ 24 million in cryptocurrency.
With the growing popularity of cryptocurrencies, due in particular to the good health of Bitcoin or Ethereum, hackers are increasingly interested in users’ digital wallets. This is why we have seen many scams and malware blooming in recent months devoted to the theft of cryptocurrencies, such as these fake USBs sent by the Post Office or even these 170 fraudulent Android applications dedicated to mining capable of emptying your savings. .
This time around, Avast computer security researchers are warning cryptocurrency owners against malware equipped with a clipboard stealing module from the MyKings botnet. “MyKings is a long-standing and relentless botnet that has been active since at least 2016 ″, assure Avast experts.
Read also: Cryptocurrencies – the Cinobi Trojan attacks digital wallets
They spy on clipboard to change digital wallet address
As its function indicates, the module takes care of monitor the clipboard of targeted users for specific content, such as digital wallet addresses. If they find the precious sesame, the malware allows hackers to modify the address saved in the clipboard. As it happens, they add the address of a wallet that belongs to them.
No longer do you have to wait for the victim to validate a transaction by copying and pasting the address of the digital wallet. As addresses are made up of a long chain of random letters and numbers, you must be particularly vigilant or know by heart the address of your digital wallet to realize that it has been changed.
This is why, despite this relatively simplistic approach, the operators of this malware have succeeded to divert transactions and recover with less than $ 24 million in cryptocurrency. “In response to this malicious activity, we want to increase awareness of such frauds and strongly recommend that people always double-check transaction details before sending funds ”, warn Avast researchers. This case recalls the operation of the WeSteal malware, which also exploited data stored in the clipboard to replace the addresses of digital wallets with those of hackers.