Evrial Trojan Switches Bitcoin Addresses Copied to Windows Clipboard

[Crytptohack]

This is just for those that haven't heard of this issue. It appears that the virus is from Russian hackers and it changes the send BTC address to their own.

The easiest way to prevent it is what most people do already which is to check the first 3 digits/letters and the last 3 and make sure they match.

[1714654067]

1714654067

[1714654067]

1714654067

[Aura]

Are you referring to the virus that adjust your clipboard to when it detects that you copied a Bitcoin address? Or is this a new sort of malware that targets specific wallet clients?

[13abyknight]

This is just for those that haven't heard of this issue. It appears that the virus is from Russian hackers and it changes the send BTC address to their own.

The easiest way to prevent it is what most people do already which is to check the first 3 digits/letters and the last 3 and make sure they match.

Again, even though I had prior knowledge about this, thanks for the heads up. Everyone should definitely resort to double checking addresses before sending/receiving funds.

Are you referring to the virus that adjust your clipboard to when it detects that you copied a Bitcoin address? Or is this a new sort of malware that targets specific wallet clients?

Pretty sure it just copies the address provided by the malware host (creator) to clipboard instead of copying the actual address you highlighted and yes, it works based on some sort of detection algorithm i.e only when Bitcoin addresses are trying to be copied. It targets everything from web browsers to wallet clients using a formgrabber.

[Crytptohack]

13abyknight pretty much answered the question.  When you highlight and copy the BTC recipients address, the copy goes to the clipboard on windows based computers. (Mac's are safe for now)  The hack is when you 'paste' what you think you copied, but it is the address to the hacker. (Pretty slick) 

One article that I read mentioned that this virus was for sale on criminal russian websites.

[darkangel11]

This is just for those that haven't heard of this issue. It appears that the virus is from Russian hackers and it changes the send BTC address to their own.

The easiest way to prevent it is what most people do already which is to check the first 3 digits/letters and the last 3 and make sure they match.

The best way to prevent it is to keep your machine clear. The trojan doesn't jump into your device out of nowhere. It is downloaded along with other software, inside a packed archive, a torrent executable, in a mail attachment. Get decent antivirus software, use official downloads for software, buy software instead of getting cracked versions from god knows where and avoid porn sites because they're full of trojans. I know it's hard, especially the last one, no pun intended, but at least use a different device from the one that's holding your money.

[rosecuppy123]

is there anybody who has got affected by this trojan ?