Repurposed Ransomware Nets $60,000 Replacing Users Copied Bitcoin Addresses

An old ransomware program has reportedly been modified to steal an estimated 8.4 Bitcoins, currently worth over $60,000, from unsuspecting users. The way the malicious program works is by altering BTC address copied to users’ clipboards to their own. This allows the attackers to redirect payments.

The attackers trick users into thinking that their transactions are associated with the intended addresses by using the same characters at the beginning and end of their cryptocurrency addresses as those the user copied.

Several security software products have detected the ransomware program as “file-locking malware” due to minimal changes made to its original code. This, despite the malicious script stealing users’ digital currency. Reportedly, there are other cryptocurrency-stealing programs being developed and posted in secret online forums.

Repurposed Ransomware

Researchers at Fortinet, a California-based cybersecurity company, have traced the cryptocurrency stealing malware’s origins back to a program called Jigsaw. Jigsaw was a ransomware program, discovered in April 2016, that hijacked users’ systems and threatened to delete their files if they did not pay a ransom in crypto.

Notably, the original Jigsaw ransomware program was first labeled BitcoinBlackmailer.exe and it locked the users’ desktop after encrypting their files. The locked screen also showed a picture of Billy the Puppet, a character from the horror film Saw.

Jigsaw is written in the C# programming language and its code has been widely shared online., Any bad actor with basic coding knowledge could potentially modify the malicious program to fit their agenda.

In this recent instance, the source code for the modified program actually mentions that it’s a “BitcoinStealer,” but this can only be seen by people who are able to reverse-engineer the cryptocurrency stealing script.

Notably, crypto malware replacing copied addresses is nothing new. As covered, a malware dubbed “ClipboardWalletHijacker” reportedly infected over 300,000 computers throughout the world to steal by tricking users who copied bitcoin and ethereum addresses.

Disclaimer

The views and opinions expressed by the author, or any people mentioned in this article, are for informational purposes only, and they do not constitute financial, investment, or other advice. Investing in or trading cryptoassets comes with a risk of financial loss.

Repurposed Ransomware Nets $60,000 Replacing Users Copied Bitcoin Addresses

Repurposed Ransomware

Disclaimer

Related Articles

Altcoins Shine: $MANA, $BAT, $LDO See Large Inflows Despite Bitcoin’s Jitters

Bitcoin Price Headed to $650K? A Top On-Chain Analyst Justifies His Long-Term Price Target

Bitcoin Halving 2024: ‘Explosive Cocktail’ from Reduced Supply and Spot ETF Demand, Says Nexo Co-Founder

You Might Like

Most Read

AI Will Need ‘Trillions’ of Dollars of Investment in Infrastructure, Says BlackRock CEO Larry Fink

Solana ($SOL) Price Set to Climb Higher, Says Crypto Analyst Who Called 2018 Market Bottom

BlackRock’s iShares Bitcoin Trust Amasses $15 Billion in Total ETF Inflows

Bitcoin ‘Max Pain’ Incoming? Analyst Bluntz Warns of Short-Term Dip Before Rally

Why VanEck CEO Is Concerned About High and Unpredictable Transactions Fees on Bitcoin and Ethereum