Monday, February 17, 2025
HomeCryptocurrency hackCryptocurrency wallets Hacked by "CryptoShuffler" Trojan & Stole $140,000 From Many Wallet...

Cryptocurrency wallets Hacked by “CryptoShuffler” Trojan & Stole $140,000 From Many Wallet ID

Published on

SIEM as a Service

Follow Us on Google News

A newly discovered Trojan called “CryptoShuffler” stole around $140,000 from cryptocurrency wallets by replacing the Original Wallet address with another and transfer into attacker wallet.

Once CryptoShuffler spots the address of a cryptocurrency wallet, it will intrude the victim’s wallet at the time of transaction and replace the attacker wallet address.  as a result, the cryptocurrency will be Transferred into attacker Wallet address instead of the User intended recipient wallet ID.

According to Kaspersky, The malware has been around since last year and has been targeting many popular cryptocurrencies including Bitcoin, ZCash, Ethereum, Monero, among others.

Cryptocurrencies Malware evolving with much more capabilities even it has targeting android using aswell directly from Google play store.

The safest way to store cryptocurrency is through a hardware or paper wallet. We recommend reading this cryptocurrency wallets guide by TotalCrypto to learn more about safe storage options.

The basic format of  Crypto currency transaction, if a user wants to transfer crypto coins to another user,  they need to know the recipient’s wallet ID ,a unique multi-digit number.

In This case ,CryptoShuffler Trojan monitor the device’s clipboard, utilized by users when making a payment and it will replace the malware authors wallet ID in software address line.

Also Read: Dangerous Crypto Currency Mining Malware Apps Found on Google Play Store

Eventually, it will be replaced by the malware author’s wallet ID when user pasting the ID of original user recipient and finally attacker wallet ID and send the money to attacker wallet.

Victims will be having no idea about this malicious activities by this CryptoShuffler Trojan while making the transaction.

Till now this Malware author earned 23 BTC about $140,000 at the current exchange rate in Dollar.

The other cryptocurrency wallets belonging to CryptoShuffler’s creators were found to contain sums ranging from tens to thousands of dollars.It took the Trojan a little more than a year to collect that money. Peak activity in late 2016 was followed by a slump, but then in June 2017, CryptoShuffler reawakened. Kaspersky Said.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Ransomware Gangs Encrypt Systems 17 Hours After Initial Infection

Ransomware gangs are accelerating their operations, with the average time-to-ransom (TTR), the period between...

Stealthy Malware in WordPress Sites Enables Remote Code Execution by Hackers

Security researchers have uncovered sophisticated malware targeting WordPress websites, leveraging hidden backdoors to enable...

Xerox Printer Vulnerability Exposes Authentication Data Via LDAP and SMB

A critical security vulnerability in Xerox’s Versalink C7025 Multifunction Printer (MFP) has been uncovered,...

New XCSSET Malware Targets macOS Users Through Infected Xcode Projects

Microsoft Threat Intelligence has identified a new variant of the XCSSET macOS malware, marking...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick...

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign...