Cyber-criminals have once again violated the Cryptocurrency Security. So says a report published by Bleeping Computer researchers who claim to have detected the illegal monitoring of at least 2.3 million Bitcoin user wallets. What is the source of this new threat? A malware from the Pastejacking family.
Cryptocurrency Clipboard Hijacking is the name of this malicious code; and as its name suggests, its main function is to hijack the Windows’ user clipboard to redirect funds from a monitored Bitcoin account to one controlled by the hacker responsible for the attack.
The amount of funds that have been illegally extracted from these Bitcoin wallets is still inexact. We can only be sure that this attack represents a powerful reason to further enhance cryptocurrency security.
Read on and get more information about this threat including its scope; and the best actions you can take to protect your cryptocurrencies.
The Clipboard Hijacking: A rising threat
The use of cryptocurrency for commercial transactions has become significantly popular in recent years. As a result: the number of users who are determined to put their trust in this system to support their financial resources; is increasing every day.
Unfortunately, this new technology has also become attractive to cyber-criminals of all kinds; who have driven the creation of new digital threats aimed at extracting crypto-assets illegally.
However, we cannot say that the Clipboard Hijacking represents a new threat; but rather that it is an old malicious code with reoriented objectives.
As early as 2008, Adobe Flash warned its users about a new malware that was taking over the clipboard so that once a user had copied a text from an infected page when pasting it into another web; a link to an infectious software download site replaces the information. This fake antivirus that promised to remove all threats from users’ computers; was actually a malicious program aimed at collecting sensitive data.
Since then, this threat, also known as Pastejacking; has modified its functioning and focused its objectives in stealing resources from cryptocurrency wallets.
Many attacks have taken place in recent years; however, this one has particularly attracted attention because of its scope. Considering the average range of a Pastejacker’s scanning is 400,000 to 600,000 cryptocurrency wallets; the 2.3 million wallets of Bitcoin users illegally monitored by the Cryptocurrency Clipboard Hijacking represent an enormous amount.
How exactly does it work?
One of the most relevant complications with Bitcoins transactions is the long addresses that users must use to transfer funds. As a result, many of them simplify the operation by cutting and pasting the bitcoin target address. Some hackers discovered this trend; and decided to exploit this cryptocurrency security vulnerability through Pastejacking.
The Cryptocurrency Clipboard Hijacker, in particular; infects a computer through a package called All-Radio 4.27 Portable. Then it runs a Dynamic Link Library (DLL) to download a d3dx11_31.dll file to the Windows Temp folder.
In this way, this malicious code identifies a Bitcoin address when a user copies it. After that, the Malware replaces the address in the Windows’ clipboard with another controlled by the software malicious part. After that, the address is pasted by the unwary users and the money transferred to the thief’s account.
I have been a victim of this attack: What should do?
The first thing you should do before looking for possible solutions to remove the Pastejacker is to confirm the existence of the file All-Radio 4.27 Portable. Once you have confirmed this; make sure to delete it completely from your systems. You will have to do it manually as an antivirus will only be able to help you partially remove it. After this, verify by using a notepad; that the information you copy and paste is not switched.
If the problem persists, the most effective thing to do is to reinstall Windows from scratch. Before doing this; it is imperative to ask for professional help to ensure the integrity of your data and the successful reinstallation.
Once you completely remove the Malware and ensure the protection of your computer; we recommend you to modify any passwords you think you used while your PC was exposed.
The infection comes as a result of neglecting some attack vectors related to your cryptocurrency security. So if you want to prevent future attacks, we suggest you follow these recommendations to help you shield your computer from infectious software.
7 tips to ensure Cryptocurrency Security:
#1 First of all, you should remember not leaving all the work to Blockchain
Although this technology works incredibly well in ensuring the cryptocurrency security; it cannot protect us from ourselves. The user is the main agent of protection of his crypto-assets; so he must take all necessary measures to protect them. This includes applying double checking Bitcoins addresses before transferring funds.
#2 Make sure you have an updated and protected operating system.
You can easily guarantee the cryptocurrency security if you use an operating system less susceptible to attacks; such as Linux or Unix.
#3 Purchase a security solution with comprehensive features
It should perform essential tools like vulnerability scan and firewalls.
#4 Do not execute crypto transactions from different devices
Try to use a single personal use device and a unique secure network when completing your operations.
#5 Change your passwords periodically.
And make sure they differ widely from each other.
You can do it by enabling browser extensions to block unsafe websites.
#7 Consider distributing your assets in several encrypted wallets
As a measure to ensure cryptocurrency security; you can encrypt your personal computer data or just the folders containing your crypto files.
Do you need to enhance the security of your organization? At GB advisors, we are aimed to help you protect what is important to you. Get the best security solution for your systems. Contact us and choose the tool that best suits your needs through our expert advice.