Bitcoin Forum
September 18, 2018, 10:22:19 PM *
Author Topic: Clipboard Hijacker Malware Monitors 2.3 Million Bitcoin Addresses  (Read 115 times)
Lafu
Hero Member
*****
Online Online

Activity: 910
Merit: 640


www.cryptopia.co.nz


View Profile WWW
July 04, 2018, 11:26:44 PM
 #1

Found something interesting!

While cryptocurrency has seen tremendous growth over the past year, sending cryptocoins still requires users to send the coins to long and hard to remember addresses.
Due to this, when sending cryptocoins, many users will simply copy the address into memory from one application and paste it into another application that they are using to send the coins.

Attackers recognize that users are copying and pasting the addresses and have created malware to take advantage of this.
This type of malware, called CryptoCurrency Clipboard Hijackers, works by monitoring the Windows clipboard for cryptocurrency addresses,
and if one is detected, will swap it out with an address that they control.
Unless a user double-checks the address after they paste it, the sent coins will go to an address under the attacker's control instead of the intended recipient.

While we have covered cryptocurrency clipboard hijackers in the past and they are not new, most of the previous samples monitored for 400-600 thousand cryptocurrency addresses.
This week BleepingComputer noticed a sample of this type of malware that monitors for over 2.3 million cryptocurrency addresses!

2.3 million cryptocurrency addresses being monitored by malware


How the infection loads

This infection was spotted as part of the All-Radio 4.27 Portable malware package that was distributed this week.
When installed, a DLL named d3dx11_31.dll will be downloaded to the Windows Temp folder and an autorun called "DirectX 11" will be created to run the DLL when a user logs into the computer.
This DLL will be executed using rundll32.exe with the "rundll32 C:\Users\[user-name]\AppData\Local\Temp\d3dx11_31.dll,includes_func_runnded" command.



Rundll32.exe launching the infection


Protecting yourself from clipboard hijackers


As malware like this runs in the background with no indication that it is even running, it is not easy to spot that you are infected.
Therefore it is important to always have an updated antivirus solution installed to protect you from these types of threats.
It is also very important that all cryptocurrency users double-check any addresses that they are sending cryptocoins to before they actually send them.
This way you can spot whether an address has been replaced with a different one than is intended.



            
                          
                    
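The launch pattern described in the first post (an autorun that uses rundll32 to load a DLL from the Temp folder) can be checked for mechanically. The following is an added example, not part of the original post or the article it quotes; the autorun list is constructed sample data, and the user name "alice" and all function names are assumptions.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Matches: [path\]rundll32[.exe] <dll>,<export> ... (program and DLL may be quoted)
RUNDLL32_RE = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)
# User-writable temp locations; an autorun loading a DLL from here is suspicious.
TEMP_DIR_RE = re.compile(
    r'(?:\\appdata\\local\\temp\\|\\windows\\temp\\|%te?mp%\\)', re.IGNORECASE
)


class Finding(NamedTuple):
    name: str      # autorun display name
    dll: str       # DLL path passed to rundll32
    export: str    # exported function rundll32 is asked to call


def triage_autorun(name: str, command: str) -> Optional[Finding]:
    """Return a Finding if the autorun runs rundll32 on a DLL in a temp dir."""
    m = RUNDLL32_RE.match(command)
    if m is None:
        return None                      # not a rundll32 launch at all
    dll = m.group("dll").strip()
    if not TEMP_DIR_RE.search(dll):
        return None                      # rundll32, but the DLL is not in a temp dir
    return Finding(name, dll, m.group("export"))


def scan(entries: List[Tuple[str, str]]) -> List[Finding]:
    """Triage a list of (name, command) autorun entries."""
    return [f for f in (triage_autorun(n, c) for n, c in entries) if f]


# Constructed sample autoruns. The "DirectX 11" entry follows the command quoted
# in the post, with the constructed user name "alice" in place of [user-name].
SAMPLE_AUTORUNS = [
    ("Vendor Updater", r'"C:\Program Files\Vendor\updater.exe" --background'),
    ("Control Panel Helper", r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),
    ("DirectX 11",
     r"rundll32 C:\Users\alice\AppData\Local\Temp\d3dx11_31.dll,includes_func_runnded"),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_AUTORUNS):
        print(f"SUSPICIOUS autorun {f.name!r}: {f.dll} -> {f.export}")
```

How the autorun entries are collected from a host is outside this example; it only triages name and command pairs that have already been exported.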
vnck25
Member
**
Offline Offline

Activity: 364
Merit: 11


View Profile
July 04, 2018, 11:41:41 PM
 #2

Wow thank you for this information, I have heard many experts in cryptocurrencies advising and educating newcomers to always double check their sending bitcoin and other cryptocoin addresses before actually sending the funds.  But it seems like many do not double check after pasting the BTC address. Do you know if this malware can attack other operating systems like Mac OS and Linux? Again thank you for sharing this valuable information.

Lafu
Hero Member
*****
Online Online

Activity: 910
Merit: 640


www.cryptopia.co.nz


View Profile WWW
July 05, 2018, 12:04:53 AM
 #3

Quote from: vnck25
> Do you know if this malware can attack other operating systems like Mac OS and Linux?

Don't know at the moment, but I'm looking to get maybe more information about all this!


            
                          
                    
sabine80
Member
**
Offline Offline

Activity: 378
Merit: 14

is crypto freedom?


View Profile
July 05, 2018, 01:24:12 AM
 #4

thanks for this warning. until just now i did not know that there is such a thing. can i infect my system with it when i visit a website or do i have to download something for that?

RGBKey
Hero Member
*****
Offline Offline

Activity: 812
Merit: 616


rgbkey.github.io/pgp.txt


View Profile WWW
July 05, 2018, 01:38:08 AM
 #5

Quote from: vnck25
> Do you know if this malware can attack other operating systems like Mac OS and Linux?

Quote from: Lafu
> Don't know at the moment, but I'm looking to get maybe more information about all this!

Most malware creators usually target Windows as it's more vulnerable, more hosts run it, and people that run it aren't as security conscious. It's usually not worth their time to target other OSes.

nonconformist
Full Member
***
Offline Offline

Activity: 360
Merit: 103


Priv Add: PAUi8f1dA4tv3UuiVA6vPXKzBfknK95Suy


View Profile
July 05, 2018, 01:43:46 AM
 #6

Thanks for the heads up mate. I knew nothing about this kind of malware until now. And this is rather alarming. Hackers are making cleverer and cleverer ways of getting all your cryptocoins as much as possible so it depends to us to not to be complacent and always double check everything and make sure our antivirus is always updated.

odolvlobo
Legendary
*
Offline Offline

Activity: 2240
Merit: 1135



View Profile
July 05, 2018, 02:33:19 AM
Merited by Lafu (1)
 #7

You neglected to include the URL of the original article: https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-monitors-23-million-bitcoin-addresses/

pooya87
Legendary
*
Offline Offline

Activity: 1400
Merit: 1158


Buy bitcoin they said... who listened?


View Profile
July 05, 2018, 02:40:16 AM
 #8

i don't understand 1 thing though. why is it saying "monitors addresses"? does it have a database that matches the address you copy because that would be silly! the way these malware work is that they monitor your clipboard and when something enters it they just check to see whether it is a bitcoin address or not and it is very simple since the text has to be a valid base58 (and now Bech32) encoded string.

having a database for that is like having a database of 2.3 million numbers to check whether an input like 235513314955 is a number or not!
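The point made in the post above, that recognising an address takes only a format and checksum test rather than a database, is shown below; the same test lets a user-side check flag a paste where one valid address has been replaced by another. This is an added example, not part of the thread: the function names are assumptions, the two addresses are public test values (the genesis-block address and the BIP 173 example address), and the Bech32 test covers the checksum only.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
# Public test values: the genesis-block address and the BIP 173 example address.
GENESIS_ADDR = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
BIP173_ADDR = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"


def is_base58check(addr: str) -> bool:
    """25 decoded bytes whose last 4 equal SHA256(SHA256(first 21))[:4]."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False                 # character outside the Base58 alphabet
        n = n * 58 + idx
    zeros = len(addr) - len(addr.lstrip("1"))   # each leading '1' is a 0x00 byte
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    return hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4] == raw[21:]


def _polymod(values) -> int:
    """Bech32 BCH checksum from BIP 173."""
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def is_bech32(addr: str) -> bool:
    """Checksum-level Bech32 check (does not validate the witness program)."""
    if addr != addr.lower() and addr != addr.upper():
        return False                     # mixed case is not allowed
    addr = addr.lower()
    pos = addr.rfind("1")
    if pos < 1 or pos + 7 > len(addr) or len(addr) > 90:
        return False
    hrp, data = addr[:pos], addr[pos + 1:]
    if any(c not in BECH32 for c in data):
        return False
    values = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    return _polymod(values + [BECH32.index(c) for c in data]) == 1


def is_address(text: str) -> bool:
    return is_base58check(text) or is_bech32(text)


def check_paste(copied: str, pasted: str) -> str:
    """Classify a paste: 'match', 'swapped' (two different valid addresses), 'mismatch'."""
    copied, pasted = copied.strip(), pasted.strip()
    if copied == pasted:
        return "match"
    if is_address(copied) and is_address(pasted):
        return "swapped"
    return "mismatch"
```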

Lafu
Hero Member
*****
Online Online

Activity: 910
Merit: 640


www.cryptopia.co.nz


View Profile WWW
July 05, 2018, 04:14:04 AM
 #9


Edited  

Thank you for the reminder, forgot it, sorry!


            
                          
                    
Welsh
Staff
Legendary
*
Online Online

Activity: 1358
Merit: 1362



View Profile
July 05, 2018, 05:21:56 AM
Merited by Lafu (1)
 #10

Quote from: nonconformist
> Thanks for the heads up mate. I knew nothing about this kind of malware until now. And this is rather alarming. Hackers are making cleverer and cleverer ways of getting all your cryptocoins as much as possible so it depends to us to not to be complacent and always double check everything and make sure our antivirus is always updated.

This malware has always existed. Plus, anti virus is generally useless, and only picks up things that they already have in their database. Any new malware will not be picked up. Just don't download dodgy shit, and you will be fine. If you have to download a client that you don't trust then download it within a virtual machine.

Quote from: pooya87
> i don't understand 1 thing though. why is it saying "monitors addresses"? does it have a database that matches the address you copy because that would be silly! the way these malware work is that they monitor your clipboard and when something enters it they just check to see whether it is a bitcoin address or not and it is very simple since the text has to be a valid base58 (and now Bech32) encoded string.
>
> having a database for that is like having a database of 2.3 million numbers to check whether an input like 235513314955 is a number or not!

Could be referring to checking addresses to see if they have any value in them or not. It's very unlikely that they have a database they can check.

ajuelnah akun
Newbie
*
Offline Offline

Activity: 140
Merit: 0


View Profile
July 05, 2018, 06:37:04 AM
 #11

I think most anti-virus software is not working properly, the anti virus only cleans the built-in app from a computer or phone but can not clean up viruses contained in new applications that have been downloaded on your computer or phone.
As with any virus that attacks the Messenger facebook app, even if you have anti virus on your computer or mobile phone, facebook still has to go in to clean it yourself.
doraemon_33766
Newbie
*
Offline Offline

Activity: 72
Merit: 0


View Profile
July 05, 2018, 07:47:28 AM
 #12

This is really terrific. Thanks for your warning about it. Many will be aware after seeing this post and I will request all to be very careful while dealing with the bitcoin address. Double and triple check it. Else you may fall a victim to this malware.
Welsh
Staff
Legendary
*
Online Online

Activity: 1358
Merit: 1362



View Profile
July 05, 2018, 10:48:41 PM
 #13

Quote from: ajuelnah akun
> I think most anti-virus software is not working properly, the anti virus only cleans the built-in app from a computer or phone but can not clean up viruses contained in new applications that have been downloaded on your computer or phone.
> As with any virus that attacks the Messenger facebook app, even if you have anti virus on your computer or mobile phone, facebook still has to go in to clean it yourself.

They are working properly, but people expect things from them which aren't possible. For example, like I mentioned above they only collect information from their known database, and check whether that application has been submitted as malware within their database. If it hasn't then they don't flag it, but if it does exist in their database they flag it.

Anti virus software doesn't have special permissions where it can take a look at an application's source code, and determine whether it's safe or not. It's a glorified spreadsheet with known extensions/applications that are malware. If you use common sense you can get away with using an anti virus.

8count
Full Member
***
Offline Offline

Activity: 420
Merit: 102


View Profile
July 06, 2018, 12:16:08 AM
 #14

Thanks for the heads up mate. I do usually double and triple check my address before sending, but there has been times I have been lazy or in a rush and just copy & pasted and sent. I'll be triple checking every time from now on.
blockaid.net
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
July 06, 2018, 12:25:21 AM
 #15

thanks for sharing this important info to crypto users here. we will be more alert in dealing with our crypto transactions and be vigilant on how we do things in the internet.
Remainder
Hero Member
*****
Offline Offline

Activity: 666
Merit: 502



View Profile
July 06, 2018, 12:27:22 AM
 #16

I was thinking before that this kind of malware will come out soon because we all do copy and paste of our bitcoin wallet and keys in order to access our account and someone just created it, this is so alarming and thanks for helpful information, we now be more careful on what we install on our pc units.
