INSUBCONTINENT EXCLUSIVE:
In what amounts to be an amazingly nefarious bit of malware, hackers have created an exploit that watches 2.3 million high-value crypto
wallets and replaces the addresses in the Windows clipboard with an address associated with the hackers
In other words, you could paste your own wallet address & 3BYpmdzASG7S6WrpmrnzJCX3y8kduF6Kmc, for example & and the malware would subtly (or
unsubtly) change it to its own private wallet
Because it happens in the clipboard most people wouldn&t notice the change between copying and pasting.
Security researchers at
BleepingComputer have found similar hijackers in the wild but this latest version is actively watching valuable wallets and trying grab
bitcoin as they enter the accounts
Below is an example of the malware at work.
The malware runs a massive, 83MB DLL file that masquerades as a Direct X service
Inside the DLL is a 2.5 million line text file full of bitcoin addresses
In the above test when cutting and pasting from an HTML page into WordPad you&ll notice that the accounts are subtly modified in each case
while leaving the beginning of the address unchanged.
Multiple anti-virus engines are now tagging this DLL as dangerous and you should be
safe as long as you keep your virus protection up to date
But, as BleepingComputer notes, the only way to be sure your BTC is safe is to meticulously check each address you paste
They write:
As malware like this runs in the background with no indication that it is even running, is it not easy to spot that you are
Therefore it is important to always have a updated antivirus solution installed to protect you from these types of threats.
It is also very
important that all cryptocurrency users to double-check any addresses that they are sending cryptocoins to before they actually send them
This way you can spot whether an address has been replaced with a different one than is intended
