Hackers strike again by hiding malware in a fake trading app to steal user’s crypto


Security researchers have discovered a knock-off cryptocurrency trading website built to steal the funds of unsuspecting victims.

Cybercriminals have designed a website that imitates Cryptohopper, a cryptocurrency trading platform, to distribute malware that could siphon personal data, hijack the user’s clipboard, and cryptojack the user’s system, as reported by Bleeping Computer. It seems to have helped the hackers amass over $260,000 in several cryptocurrencies.

When unwitting users visit the knock-off Cryptohopper website, their computer automatically downloads and executes a malicious file called Setup.exe. On the surface everything appears legitimate, but the file is actually a Trojan.

After it has successfully executed, the Trojan installs two additional malware components. The first acts as a cryptocurrency miner, while the other acts as a clipboard hijacker. With these in place, the hackers earn virtual coins by using your system as a miner while also stealing addresses, usernames, passwords, and other sensitive data that users copy to their clipboard.

According to these security researchers, the malware doesn’t stop there: it also tries to steal payment information, browser cookies, cryptocurrency wallets, login credentials, two-factor authentication data, and autofill data.

The clipboard hijacker component seems to have already given the hackers some success, as several victims have fallen prey to the malware.

Here’s how it works: the hijacker lies in wait, and the moment a user copies a crypto wallet address to the clipboard, it replaces that address with the address of a wallet the hackers control. The user unknowingly sends the crypto to the hackers instead of to the intended wallet, and the funds are lost.

That said, security researchers cannot yet say how much these hackers were able to steal during the time the breach went undiscovered. What they have identified so far is the wallet the hackers have been using to divert user funds, and that they hold a substantial sum in crypto.

[Image: Clipboard hijack addresses. Credit: Bleeping Computer]

Based on what security specialists have been able to gather so far, the hackers have stolen an estimated $260,000 in an assortment of cryptocurrencies. Most of it is in Bitcoin, where they have earned more than $257,000 USD. It is hard to say, however, how much of this came from hijacking clipboards.

Hiding crypto-stealing malware within seemingly genuine sources is not new, which is very disheartening.

Last year, malware distributors hid cryptocurrency mining malware inside updates for Adobe Flash. Hackers used a related tactic some time ago, in which malware was hidden in genuine Windows installation files.

To avoid this, make sure you download your updates from genuine sources and not from third parties. With clipboard hijackers now in circulation, it doesn’t hurt to cross-check crypto wallet addresses after copying and pasting them from your clipboard.
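As an added example (not code from the original article or from Bleeping Computer), the address swap described above can be caught by watching for one wallet-shaped clipboard value being replaced by a different one of the same type within a couple of seconds. The address patterns, the 2-second window, the function names, and the sample addresses are assumptions constructed for illustration.

```python
import re

# Shape-only patterns (no checksum validation); assumed for illustration.
ADDRESS_PATTERNS = {
    "btc_base58": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return the wallet-address type a string looks like, or None."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return kind
    return None

def find_swaps(snapshots, window_seconds=2.0):
    """Flag address-to-different-address clipboard changes inside the window.

    snapshots: iterable of (timestamp_seconds, clipboard_text) in time order.
    A person rarely copies two different addresses of the same type within
    a second or two; a clipboard hijacker does exactly that.
    """
    alerts, prev = [], None  # prev = (timestamp, kind, value)
    for ts, content in snapshots:
        value = content.strip()
        kind = address_kind(value)
        if kind is None:
            prev = None
            continue
        if (prev and prev[1] == kind and prev[2] != value
                and ts - prev[0] <= window_seconds):
            alerts.append({"time": ts, "kind": kind,
                           "copied": prev[2], "replaced_by": value})
        prev = (ts, kind, value)
    return alerts

# Constructed sample data: these are not real wallets.
USER_BTC = "1" + "A" * 33
SWAP_BTC = "1" + "B" * 33
ETH_ONE, ETH_TWO = "0x" + "a" * 40, "0x" + "b" * 40
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, USER_BTC), (10.3, SWAP_BTC),   # swapped 0.3 s after the copy
    (60.0, ETH_ONE), (95.0, ETH_TWO),     # two deliberate copies, 35 s apart
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print("possible clipboard hijack:", alert)
```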

Source: https://thenextweb.com/hardfork/2019/06/06/cryptocurrency-malware-clipboard-hijack/

About the author

Jo Arazi

Jo is a seasoned writer and analyst of the cryptocurrency market with several years of experience writing for various blogs and websites worldwide. He has worked with several crypto startups and is a supporter of credible crypto projects worldwide.
