Security researchers have discovered a knock-off cryptocurrency trading website built to steal funds from unsuspecting victims.
Cyber criminals have designed a website that imitates Cryptohopper, a cryptocurrency trading platform, to distribute malware that can siphon personal data, hijack the user's clipboard, and cryptojack the user's system, as reported by Bleeping Computer. It appears to have helped the hackers amass over $260,000 in several cryptocurrencies.
When unwitting users visit the knock-off Cryptohopper website, their computer automatically downloads and executes a harmful file called Setup.exe. On the surface everything appears legitimate, but the file is actually a Trojan.
After it has executed successfully, the Trojan installs two additional pieces of malware. The first is a cryptocurrency miner; the second is a clipboard hijacker. With these in place, the hackers earn virtual coins by using your system as a miner while also stealing addresses, usernames, passwords, and other sensitive data that users copy to their clipboard.
According to these security researchers, the malware does not stop there: it also tries to steal payment information, browser cookies, cryptocurrency wallets, login credentials, two-factor authentication data, and autofill data.
The clipboard hijacker component seems to have already given the hackers some success, as several victims have fallen prey to the malware.
Here's how it works: the hijacker lies in wait, and the moment a user copies a crypto wallet address to the clipboard on their computer, it replaces that address with a wallet address belonging to the hackers. The user unknowingly sends the crypto to the hacker instead of to the intended wallet, and the funds are lost.
That said, security researchers cannot yet say how much these hackers were able to steal while the scheme went undiscovered. What they have been able to identify so far is the wallet the hackers have been using to divert user funds, and that they hold a substantial sum in crypto.
Credit: Bleeping Computer
Clipboard hijack addresses
Based on what security specialists have been able to gather so far, the hackers have stolen an estimated $260,000 in an assortment of cryptocurrencies. Most of it is in Bitcoin, where they have earned more than $257,000 USD. It is hard to say, however, how much of this came from hijacking clipboards.
Hiding crypto-stealing malware within seemingly genuine sources is not new, which is disheartening.
Last year, malware distributors hid cryptocurrency mining malware inside updates for Adobe Flash. Hackers used a related tactic some time ago, hiding malware in genuine Windows installation files.
To avoid this, make sure you download your updates from genuine sources and not from third parties. With clipboard hijackers now in circulation, it doesn't hurt to cross-check crypto wallet addresses after copy-pasting them from your clipboard.
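The address swap described above and the cross-check recommended here can be turned into a simple detection rule. The following is an added example, not code from the article or from Bleeping Computer: it scans a constructed clipboard history for a wallet address that is replaced by a different address of the same type within a short window. The address patterns are simplified and the one-second threshold and all sample values are assumptions of this example.

```python
import re

# Simplified address shapes (an assumption of this example, not full validation).
PATTERNS = {
    "bitcoin": re.compile(
        r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def classify(text):
    """Return the coin name if text looks like a wallet address, else None."""
    text = text.strip()
    for coin, pattern in PATTERNS.items():
        if pattern.match(text):
            return coin
    return None

def find_swaps(events, max_gap=1.0):
    """events: time-ordered (timestamp_seconds, clipboard_text) pairs.
    Flag an address replaced by a different address of the same coin
    within max_gap seconds, faster than a person would copy a new one."""
    alerts = []
    for (t0, before), (t1, after) in zip(events, events[1:]):
        coin = classify(before)
        if (coin and classify(after) == coin
                and before.strip() != after.strip()
                and t1 - t0 <= max_gap):
            alerts.append({"coin": coin, "copied": before.strip(),
                           "replaced_by": after.strip()})
    return alerts

def paste_matches(intended, pasted):
    """Manual cross-check: the pasted address must equal the intended one."""
    return intended.strip() == pasted.strip()

# Constructed sample data: placeholder strings shaped like addresses.
COPIED = "1" + "A" * 30      # address the user copied
SWAPPED = "1" + "B" * 30     # address that appeared 50 ms later
ETH_A = "0x" + "ab" * 20
ETH_B = "0x" + "cd" * 20
SAMPLE_EVENTS = [
    (0.00, "meeting notes"),
    (10.00, COPIED),
    (10.05, SWAPPED),        # near-instant replacement: flagged
    (60.00, ETH_A),
    (95.00, ETH_B),          # 35 s later, plausibly the user: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print("possible clipboard hijack:", alert)
```

A rule like this only flags the swap pattern; comparing the pasted address against the intended one before sending remains the deciding check.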