2.3 Million Bitcoin Users Affected in Windows Clipboard Malware

On June 30, 2018, the cybersecurity news site Bleeping Computer revealed a new form of “cryptojacking” involving simple Windows Clipboard-based malware that has affected millions of cryptocurrency users.

Ctrl C + Ctrl V

Cryptocurrency addresses are long alphanumeric strings that are all but impossible to remember, especially if a person holds several of them in their wallet. During transactions, a user may copy an address from a file stored on their computer and paste it into an online wallet or exchange. A group of attackers has identified this habit and created malware to exploit such users.

Called “CryptoCurrency Clipboard Hijackers,” the malware monitors the Windows Clipboard on a victim's computer for cryptocurrency addresses and, when it detects one, swaps it for an address the attackers control.

Compared to other types of malware, the Clipboard hack is reasonably easy to circumvent, as a person could double-check and notice an error in the address and cancel the transaction.

2.3 Million Users Affected

Such malicious Clipboard-based software is not a wholly new attack; earlier versions have affected a few hundred thousand computers at the most. In comparison, the CryptoCurrency Clipboard Hijacker has affected a staggering 2.3 million cryptocurrency addresses, according to estimates.


A string of affected addresses.
(Source: Bleeping Computer)

As stated, the malware runs a Dynamic-Link Library (DLL) and downloads a file named d3dx11_31.dll to the victim’s Windows Temp folder. Subsequently, an autorun entry called “DirectX 11” runs when the user logs into the computer and automatically executes the command “rundll32 C:\Users\[username]\AppData\Local\Temp\d3dx11_31.dll,includes_func_runnded”.


Rundll32.exe
(Source: Bleeping Computer)
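
An added example, not from the original article or from Bleeping Computer: a defender-side check over autorun entries that flags any rundll32 command loading a DLL from a temp folder, the persistence pattern described above. The sample entries, the username alice and the list of temp paths are constructed assumptions.

```python
import re

# rundll32 command line: optional (possibly quoted) path to rundll32, then the
# DLL path, a comma, and the exported function to call.
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)

# User-writable temp locations (this list is an assumption of the example).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "%temp%\\", "%tmp%\\")


def parse_rundll32(command):
    """Return (dll_path, export) for a rundll32 command line, else None."""
    m = RUNDLL_RE.match(command)
    if not m:
        return None
    return m.group("dll").strip(), m.group("export")


def flag_temp_dll_autoruns(autoruns):
    """Return (name, dll, export) for autoruns that load a DLL from a temp dir."""
    hits = []
    for name, command in autoruns.items():
        parsed = parse_rundll32(command)
        if parsed and any(marker in parsed[0].lower() for marker in TEMP_MARKERS):
            hits.append((name, parsed[0], parsed[1]))
    return hits


# Constructed sample of per-user autorun entries (name -> command line).
# "alice" is a placeholder; the first command follows the one quoted above.
SAMPLE_AUTORUNS = {
    "DirectX 11": r"rundll32 C:\Users\alice\AppData\Local\Temp\d3dx11_31.dll,includes_func_runnded",
    "Control Panel": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL",
    "Updater": r'"C:\Program Files\Vendor\updater.exe" /background',
}

if __name__ == "__main__":
    for name, dll, export in flag_temp_dll_autoruns(SAMPLE_AUTORUNS):
        print(f"suspicious autorun {name!r}: {dll} -> {export}")
```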

Protective Measures

Cryptocurrency adoption is propelled mainly by its use as a speculative vehicle rather than as a means of payment or a robust store of value. Because of this, users trust their funds to cryptocurrency exchanges and do not exercise essential security practices. As a result, nefarious characters get several opportunities to exploit vulnerabilities, which range from hacking associated emails to installing illicit mining software.

While most malware runs in the background with no indication of its existence, updated antivirus software, a brief check of RAM at regular intervals, and other necessary security measures can protect users for good. Double-checking addresses is another healthy way to spot potentially spoofed entries.

The post 2.3 Million Bitcoin Users Affected in Windows Clipboard Malware appeared first on BTCMANAGER.

Author: BTCManager.com