Crypto users have been targeted by malware for years now. With crypto becoming increasingly popular, cyber criminals have continued to invent new and more advanced ways to steal them. And now there is a new one that swaps an intended crypto address for one that belongs to the attacker. While it’s not the first such malware type, it’s much more advanced than its predecessors and is harder for users to notice.
One More Way to Lose Your Crypto
The rise of digital currencies brought with it a renewed appetite by cyber criminals to steal users’ crypto assets. These criminals have turned to various methods which include attacks on crypto exchanges in which millions of dollars worth of crypto has been lost. Others have hacked users’ computers and demanded the ransom to be paid in crypto since they are fairly anonymous. And yet others have hacked users’ computers, and with many users not taking their online security seriously, they have had their credentials stolen and lost their crypto assets as a result.
Cryptocurrency clipboard hijacking is among the latest methods that criminals have turned to, and it’s working. According to a report by the Chinese internet security company Qihoo 360, a malware known as ClipboardWalletHijacker infected over 300,000 computers in June. The malware was, however, not so successful, and only managed to collect $800 worth of Bitcoin. No Ether was stolen.
The latest malware is more advanced, and according to tech site Bleeping Computer, it monitors over 2.3 million crypto addresses. Previously, such malware only monitored a maximum of 600,000 addresses. Once installed on a user’s computer, it is almost impossible to detect as it runs in the background.
Crypto addresses are usually long and combine both digits and letters, making them almost impossible to remember. Many users therefore copy the addresses and paste them whenever they send crypto. The malware is designed to detect every time a user copies a crypto address on the clipboard. It then switches the intended address with one of the addresses belonging to the hackers. With most users not bothering to countercheck the address due to its length, they end up sending the crypto to the criminals.
While it’s not possible to be completely immune to such attacks, there are some steps one can take to protect him or herself. One is to check one’s crypto address once they paste it. While this may seem like a big inconvenience as the addresses are long, it could save one from losing their hard-earned money. Another way to protect oneself is by ensuring they have installed the latest version of their favorite antivirus software and that it’s always running, especially when online.
There is no shortage of malware and scams targeting crypto owners. According to EtherScamDB, there have been 4,468 scams in total that have involved Ether users. Out of these, 720 are still active and continue to take advantage of less-informed crypto users. One scam that has continued to trick people out of their cryptos is the fake giveaways that are usually propagated through social media platforms. The scammers usually have usernames that closely resemble key industry stakeholders such as crypto exchanges, startup founders and other industry leaders. Vitalik Buterin is one of the people whose name is used most by the scammers, so much so that he added “not giving way ether” to his Twitter username. These scammers ask people to send a certain number of Ether or Bitcoin and promise to multiply it and send it back to users. They are especially popular on Twitter and usually accompany tweets by the industry leaders themselves. While they are usually easy to spot, many have fallen for them, with one such scammer having reportedly made $5,000 in a day.
Image(s): Shutterstock.com