Cybercriminals Are Monitoring Over 2.3 Million Cryptocurrency Addresses, Report Warns

Francisco Memoria
  • Clipboard hijackers looking for cryptocurrency addresses are increasingly becoming a menace.
  • One hijacker was found to be monitoring a 2.3 million address database.

Cybercriminals are currently monitoring over 2.3 million cryptocurrency addresses, so they can trick users into sending them money without realizing they did so, according to a recent report warning against clipboard hijackers.

According to Bleeping Computer, cryptocurrency clipboard hijackers are types of malware that scan users’ clipboards waiting for them to copy a cryptocurrency address. Once they do, they change it to that of the malware’s owner.

If the user doesn’t double check his address after pasting it, the transaction will be sent to the cybercriminal, and not to its intended recipient. While various strains of this malware have been found monitoring anywhere between 400,000 and 600,000 addresses, a new one seemingly monitors 2.3 million.

Bleeping Computer created a video to show how this type of malware works.

Notably the malware seemingly doesn’t alter addresses contained in a string of text, and if various addresses are copied it only replaces the last one. Explaining how the malware itself works, the news outlet’s report reads:

This infection was spotted as part of the All-Radio 4.27 Portable malware package that was distributed this week. When installed, a DLL named d3dx11_31.dll will be downloaded to the Windows Temp folder and an autorun called "DirectX 11" will be created to run the DLL when a user logs into the computer.

Bleeping Computer

Various legitimate programs on Windows machines run the same way the malware does, meaning only experienced users – or those who’ve been wronged – are likely going to notice they’ve been infected.

To protect yourself from these clipboard hijackers, experts suggest using a trusted antivirus solution and keep on double-checking addresses copied and pasted, in order to spot if they’ve been replaced.

As CryptoGlobe recently covered, a similar type of malware was found replacing copied Bitcoin and Ethereum addresses to steal user’s funds. At press the Ethereum address associated with that type of malware is still active, and has moved over 10 ETH, worth about $4,500.

Earlier this year, cybersecurity firm Carbon Black revealed that criminals have stolen over $1.1 billion worth of cryptocurrency this year, with moves like these, which seemingly aren’t too hard to pull off.