New Bitcoin And Crypto Hack Is Targeting Users
There are many different ways to steal cryptocurrencies, and users should be aware of them. Do not trust centralized exchanges with low volume and low liquidity. Be careful with phishing scams and similar attempts to steal your coins.
But a new method is threatening users and cryptocurrency enthusiasts. This time, a new cryptocurrency crime can be carried out via clipboard, and it is not a joke. It is important to be very careful every time users process transactions, because hackers are improving their methods and attacks.
Indeed, when you copy and paste addresses to send BTC or any other virtual currency, it is always advised to double check the address where it is sent. Even a small change in a letter or a number of the address could send all the funds you are trying to transfer to another person.
But It Is Important To Know How These Addresses Work
Every time you want to send funds using a cryptocurrency like Bitcoin, you have to enter the address that the other user provides to you. This address is created from a public key for which the user holds the corresponding private key.
The private key allows you to be the owner of these currencies, being able to send them or sell them. And if you want to hold them, you can also do it.
To pay someone or send some coins, the easy method is to copy and paste the address. But crooks have found a way to steal funds even when they do not have your private keys or any other information about you.
The thieves only need to install malware on your computer that scans the clipboard at regular intervals, searching for text that looks like a cryptocurrency address. Once the malware detects such text, it replaces it with a similar string that the thieves have generated, which directs the funds into their wallets.
If you do not notice that the address has changed, you may end up paying for another person's dinner. And because of the way cryptocurrencies work, there is no chance of getting these funds back.
The malware is known as Agent-AZHF and is packaged as a DLL file. DLLs do not launch as applications on their own; instead, they work by supporting other processes. Once Agent-AZHF is loaded, it copies itself to the AppData folder and sets an autorun entry in the Windows registry.
Then, the malware starts examining the contents of the clipboard searching for some of these patterns:
These are the addresses of the most important virtual currencies in the market. If the malware finds a match in the clipboard text, it replaces the matched text with another address belonging to the hackers.
But how they did it is very interesting. They have a list of more than 2,000,000 bitcoin addresses that is used to find the closest match to the address that is going to be replaced. That way, the replacement is smooth and does not attract much attention from the users.
Fortunately, the scammers have so far not been able to make significant amounts of money from this scam. It is also important to know that it couldn’t spread all over the world.
According to Naked Security, the crooks were able to get just $6715 in cryptocurrencies. Even though this is not the kind of large amount we are used to seeing when hackers attack a cryptocurrency exchange, we are sure that the users who lost these funds are not having a good time right now.
If you are copying and pasting addresses, it is always important to double check that they are correct. Do not blindly copy and paste without checking two or three times that this is the correct address.
At the same time, it is always important to have an up-to-date anti-virus that can identify and delete risky DLLs. Furthermore, DLL files that arrive in your email should be treated as unwanted.