The crypto world is riddled with malware pitfalls created by bad actors looking for a free ride. Clipboard hijacking is just one of the many ways wallet addresses can be manipulated and its nothing new, but updated malware has recently been detected which is capable of monitoring 500 times as many addresses as viruses found in the past.
New Clipboard Hijacker can Monitor 2.3 Million Addresses
Transferring cryptocurrency requires long and hard to remember wallet addresses which most people simply copy and paste from one application to another. Hackers recognize that the average user does this and have created malware which monitors Windows clipboards for cryptocurrency addresses. When one is detected its swapped out for an address they control.
Unless a user is cautious and double checks the address, they copy and pasted the transaction is made to the hackers wallet and the sender is left with little recourse. This type of clipboard hacking malware has been around for a while but the virus in the past was capable of monitoring limited numbers of addresses, around 400 – 600. The site bleepingcomputer.com has reportedly detected an updated version of clipboard hijacking malware that puts its predecessors’ numbers to shame by monitoring 2.3 million addresses.
This infection was detected as part of the All-Radio 4.27 Portable malware package made available this week. When installed, a DLL named d3dx11_31.dll is downloaded to the Windows Temp folder and an autorun called “DirectX 11” will be created to run the DLL when a user logs into the computer. This DLL will be executed using rundll32.exe with the “rundll32 C:\Users\[user-name]\AppData\Local\Temp\d3dx11_31.dll,includes_func_runnded” command.
To illustrate the way the malware monitors and replaces addresses from windows clipboard bleeping computer created this sample video.
Malware and Crypto Mining up 4000%
Malware of this kind runs in the computer’s background and gives no indication that it is processing which makes it difficult to uncover and flush out. Clipboard hijacking is only one of a host of viruses going around infecting not only computers but any IoT device. Reports show that malware hacks aimed at either stealing or mining cryptocurrency is up over 4000% from last year. It iss 2018 which means that your refrigerator can be spying on you or your smartphone may be mining Monero.
As anti-malware experts suggest, it is important to always have some form of the latest antivirus software installed and for cryptocurrency users check and double checking wallet addresses when making transactions should be part of the normal protocol.
Image from Shutterstock