Thursday, July 18, 2024
EHA

Cryptocurrency wallets Hacked by “CryptoShuffler” Trojan & Stole $140,000 From Many Wallet ID

A newly discovered Trojan called “CryptoShuffler” stole around $140,000 from cryptocurrency wallets by replacing the Original Wallet address with another and transfer into attacker wallet.

Once CryptoShuffler spots the address of a cryptocurrency wallet, it will intrude the victim’s wallet at the time of transaction and replace the attacker wallet address.  as a result, the cryptocurrency will be Transferred into attacker Wallet address instead of the User intended recipient wallet ID.

According to Kaspersky, The malware has been around since last year and has been targeting many popular cryptocurrencies including Bitcoin, ZCash, Ethereum, Monero, among others.

Cryptocurrencies Malware evolving with much more capabilities even it has targeting android using aswell directly from Google play store.

The safest way to store cryptocurrency is through a hardware or paper wallet. We recommend reading this cryptocurrency wallets guide by TotalCrypto to learn more about safe storage options.

The basic format of  Crypto currency transaction, if a user wants to transfer crypto coins to another user,  they need to know the recipient’s wallet ID ,a unique multi-digit number.

In This case ,CryptoShuffler Trojan monitor the device’s clipboard, utilized by users when making a payment and it will replace the malware authors wallet ID in software address line.

Also Read: Dangerous Crypto Currency Mining Malware Apps Found on Google Play Store

Eventually, it will be replaced by the malware author’s wallet ID when user pasting the ID of original user recipient and finally attacker wallet ID and send the money to attacker wallet.

Victims will be having no idea about this malicious activities by this CryptoShuffler Trojan while making the transaction.

Till now this Malware author earned 23 BTC about $140,000 at the current exchange rate in Dollar.

The other cryptocurrency wallets belonging to CryptoShuffler’s creators were found to contain sums ranging from tens to thousands of dollars.It took the Trojan a little more than a year to collect that money. Peak activity in late 2016 was followed by a slump, but then in June 2017, CryptoShuffler reawakened. Kaspersky Said.

Website

Latest articles

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which...

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and...

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are...

Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has...

Cybercriminals Exploit Attack on Donald Trump for Crypto Scams

Researchers at Bitdefender Labs remain ever-vigilant, informing users about the latest scams and internet...

New TE.0 HTTP Request Smuggling Flaw Impacts Google Cloud Websites

HTTP Request Smuggling is a flaw in web security that is derived from variations...

Volcano Demon Group Attacking Organizations With LukaLocker Ransomware

The Volcano Demon group has been discovered spreading a new ransomware called LukaLocker, which...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles