In July of this year, FortiGuard Labs reported a new malicious campaign. The campaign is called Bitcoin Stealer and has been responsible for stealing around $60,000 of bitcoin. Back in April, researchers from FortiGuard Labs discovered a threat that they initially thought was Jigsaw ransomware; however, after a more in-depth look, they found that the threat, “BitcoinStealer.exe,” did not, in fact, act like ransomware.
Unlike ransomware, the Bitcoin Stealer threat uses an executable to monitor the clipboard content of the affected machine for indicators of a bitcoin address. When it finds one, the malware replaces the copied bitcoin address with a different one that has similar strings at both the beginning and the end of the wallet address. In this way, the malware inserts itself directly into bitcoin transactions and fools users into transferring cryptocurrency to the wallet of the cybercriminal using Bitcoin Stealer.
Techopedia reported that these malware programs are a prime example of clipboard hijacking, a cyberattack in which hackers alter clipboard content in order to direct unsuspecting browser users to a malicious site. Another method, called “pastejacking,” is used by hackers to interfere with commands that have been copied from a browser and then pasted into the workstation.
Cyber attackers have long targeted clipboards to steal cryptocurrency and/or redirect web surfers to malware. Security experts need to take the necessary action to protect organizations against clipboard-modification incidents.
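A defender-side check for the address replacement described above, as an added example that is not from FortiGuard Labs or the original article: it compares consecutive clipboard snapshots and flags a bitcoin-shaped value that was replaced by a different one, marking the case where both ends still match. The snapshot format, the sample addresses (constructed, shape-only strings) and the `min_edge` threshold are assumptions.

```python
import re

# Shape check only, no checksum validation: legacy Base58 and bech32 forms.
BTC_RE = re.compile(
    r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$")

# Constructed sample values (address-shaped strings, not real wallets).
COPIED = "1Kq7xTestAddrConstructedAAAAAA9fZp"
LOOKALIKE = "1Kq7mWrongAddrConstructedBBBBB9fZp"   # same first/last 4 chars
UNRELATED = "3Hx2UnreLatedConstructedAddrCC7wQe"
SNAPSHOTS = [  # (milliseconds, clipboard text), constructed
    (0, "invoice 1182"), (4100, COPIED), (4300, LOOKALIKE),
    (9000, "hello"), (12000, COPIED), (12200, UNRELATED),
]

def is_btc_shaped(text):
    return bool(BTC_RE.match(text.strip()))

def shared_edges(a, b):
    """Return (common prefix length, common suffix length) of two strings."""
    limit = min(len(a), len(b))
    prefix = 0
    while prefix < limit and a[prefix] == b[prefix]:
        prefix += 1
    suffix = 0
    while suffix < limit - prefix and a[-1 - suffix] == b[-1 - suffix]:
        suffix += 1
    return prefix, suffix

def classify(before, after, min_edge=3):
    before, after = before.strip(), after.strip()
    if not (is_btc_shaped(before) and is_btc_shaped(after)):
        return "not-address"
    if before == after:
        return "unchanged"
    prefix, suffix = shared_edges(before, after)
    # One address replaced by another that keeps both ends: the swap pattern.
    if prefix >= min_edge and suffix >= min_edge:
        return "lookalike-swap"
    return "address-swap"

def audit(snapshots, min_edge=3):
    """Flag consecutive snapshots where one address replaced another."""
    alerts = []
    for (t0, old), (t1, new) in zip(snapshots, snapshots[1:]):
        verdict = classify(old, new, min_edge)
        if verdict.endswith("swap"):
            alerts.append((t1, verdict, t1 - t0))
    return alerts
```

Calling `audit(SNAPSHOTS)` returns one tuple per flagged transition: the snapshot time, the verdict, and the milliseconds since the previous snapshot, where a very short gap between two different addresses is itself a useful signal.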