ComboJack Malware Steals Users' Crypto Funds Via the Copy/Paste Clipboard
Beware, cryptocurrency investors: there is a newly discovered piece of malware trying to steal your money. ComboJack is a new malware family created to steal Bitcoin, Litecoin, Ethereum and Monero, some of the most popular cryptocurrencies.
How ComboJack Steals Your Cryptocurrency
This malware is delivered by phishing emails. Once installed, it watches the clipboard and replaces the wallet address you are trying to send money to with the address of the attacker who created the malware. Most people do not check the address of the wallet they are sending money to (or even their own address).
While it sounds easy to spot what ComboJack does, cryptocurrency addresses are far from simple, and people who are unaware of malware like ComboJack do not take the necessary precautions. ComboJack also targets digital payment systems that do not use cryptocurrency, such as WebMoney and Yandex Money (but not PayPal).
How Researchers Uncovered ComboJack
Cybersecurity researchers at Palo Alto Networks discovered ComboJack by chance. They were observing phishing campaigns targeting users in the United States and Japan when they found many emails related to the malware.
The emails state that a passport has been misplaced and ask the recipient to open an attached .RTF document to check whether they know the person who lost it. As soon as the victim opens the file embedded inside the .RTF document, a Windows exploit lets the malware's creators run commands that download and execute ComboJack, which then runs Windows processes with Admin privileges without the user seeing anything.
Simple tactics like this one, the researchers note, are highly effective. During 2017, the Dridex trojan and the Locky ransomware were two very successful malware campaigns that used a very similar strategy.
There is other malware similar to ComboJack. CryptoShuffler, for instance, operates in a very similar way. Palo Alto Networks states, however, that the two are probably not related.
The researchers also note that because cryptocurrency wallet addresses are very long and complex, it is very common for users to copy and paste them exactly, since a single mistyped character could cost them their money.
How To Protect Yourself From ComboJack
ComboJack uses a Windows 10 exploit that Microsoft patched in September 2017, so keeping your computer always updated is a great way to be protected from this and many other malware programs. Not responding to or opening emails from unknown sources is also a good way to be protected from ComboJack and similar programs. You should always double-check your wallet address before making a transaction.
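The clipboard-swap mechanism described above, together with the "double-check your wallet address" advice, can be turned into a small defensive check. The following Python is an added example written for this page; it is not code from the original article or from Palo Alto Networks' research. It classifies strings by the address format of the four coins named above using heuristic regular expressions (the address patterns, the Litecoin/Bitcoin prefix overlap handling, and the function names are the editor's assumptions), flags clipboard transitions where one address is silently replaced by a different address of the same coin, and offers a final match check before sending. The clipboard history it runs over is constructed for the demonstration; none of the addresses are real.

```python
import re
from typing import List, NamedTuple, Optional

# Heuristic address-format patterns for the coins named in the article.
# Bitcoin legacy/P2SH addresses start with 1 or 3 (or bc1 for bech32);
# Litecoin legacy addresses start with L or M (or ltc1 for bech32).
# Litecoin also used the 3 prefix historically, which this heuristic
# attributes to Bitcoin; a real tool would defer to the wallet it protects.
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,59})$"),
    "litecoin": re.compile(r"^(?:[LM][a-km-zA-HJ-NP-Z1-9]{26,33}|ltc1[a-z0-9]{25,59})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "monero": re.compile(r"^4[a-km-zA-HJ-NP-Z1-9]{94}$"),
}


def classify_address(text: str) -> Optional[str]:
    """Return the coin whose address format `text` matches, or None."""
    candidate = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return coin
    return None


class Swap(NamedTuple):
    position: int      # index in the snapshot list where the replacement appeared
    coin: str
    original: str
    replacement: str


def detect_swaps(snapshots: List[str]) -> List[Swap]:
    """Flag clipboard transitions that look like a hijacker at work: an
    address of one coin replaced by a *different* address of the same coin
    with nothing else copied in between. Ordinary text and re-copies of the
    same address are ignored."""
    swaps: List[Swap] = []
    for i in range(1, len(snapshots)):
        before, after = snapshots[i - 1].strip(), snapshots[i].strip()
        coin_before, coin_after = classify_address(before), classify_address(after)
        if coin_before is not None and coin_before == coin_after and before != after:
            swaps.append(Swap(i, coin_before, before, after))
    return swaps


def check_before_send(intended: str, pasted: str) -> bool:
    """The article's last piece of advice as code: the pasted address must be
    exactly the one the user meant to send to, otherwise do not submit."""
    return intended.strip() == pasted.strip()


# Constructed clipboard history (hypothetical addresses, not from the report).
BTC_USER = "1" + "A" * 33
BTC_ATTACKER = "1" + "B" * 33
ETH_USER = "0x" + "ab12" * 10
XMR_USER = "4" + "B" * 94
XMR_ATTACKER = "4" + "C" * 94

SAMPLE_HISTORY = [
    "meeting notes for Tuesday",   # ordinary text, ignored
    BTC_USER,                      # user copies the Bitcoin payee address...
    BTC_ATTACKER,                  # ...and it is overwritten moments later
    ETH_USER,                      # Ethereum address copied
    ETH_USER,                      # re-copied unchanged: not a swap
    XMR_USER,                      # Monero address copied
    XMR_ATTACKER,                  # overwritten again
]

if __name__ == "__main__":
    for swap in detect_swaps(SAMPLE_HISTORY):
        print(f"[ALERT] snapshot {swap.position}: {swap.coin} address changed "
              f"{swap.original[:8]}... -> {swap.replacement[:8]}...")
    # The user intended BTC_USER but the clipboard now holds the attacker's address.
    print("safe to send:", check_before_send(BTC_USER, SAMPLE_HISTORY[2]))
```

On a live system the snapshot list would be fed by polling the clipboard (for example with a library such as pyperclip) and the alert would fire before the user pastes; the format check alone is a heuristic, so the decisive control remains comparing the pasted address against the one obtained from the payee out of band.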