New malware steals bitcoins using a technique that modifies the clipboard contents of an infected machine.
In July 2018, FortiGuard Labs reported a new malicious campaign, Bitcoin Stealer, which is currently responsible for the theft of around $60,000 in bitcoins. The FortiGuard Labs researchers first encountered the threat in April 2018, when it matched several detection rules specific to the Jigsaw ransomware.
However, a closer look revealed that the threat, whose assembly name was "BitcoinStealer.exe", did not behave like ransomware at all.
Tricking users with clipboard hijacking
Instead, Bitcoin Stealer uses an executable that monitors the contents of an infected computer's clipboard for anything that looks like a bitcoin address. When it finds one, Bitcoin Stealer replaces the copied bitcoin address with one of its own that shares similar characters at the beginning and end of the wallet address. Using this technique, Bitcoin Stealer inserts itself into bitcoin transactions and causes users to send cryptocurrency to a wallet controlled by the attacker behind the malware.
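The substitution described above works because a user rarely reads more than the first and last few characters of a wallet address. The following added example (not code from the original article or from FortiGuard Labs) shows two defender-side checks: a Base58Check checksum validation for legacy bitcoin addresses, and a "lookalike" comparison between the address the user intended to send to and the address that actually ended up in the paste. The sample addresses are constructed for the example; the intended address is the well-known genesis block address, and the lookalike is built by keeping its first and last five characters.

```python
import hashlib

# Base58 alphabet used by legacy (P2PKH / P2SH) bitcoin addresses
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58decode(text: str) -> bytes:
    """Decode a Base58 string, keeping leading '1' characters as leading zero bytes."""
    value = 0
    for ch in text:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"character {ch!r} is not valid Base58")
        value = value * 58 + idx
    body = value.to_bytes((value.bit_length() + 7) // 8, "big")
    leading_zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_zeros + body


def is_valid_legacy_address(address: str) -> bool:
    """Verify the Base58Check layout: 1 version byte + 20-byte hash + 4-byte checksum."""
    try:
        raw = b58decode(address)
    except ValueError:
        return False
    if len(raw) != 25:
        return False
    payload, checksum = raw[:21], raw[21:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return checksum == expected


def shared_prefix_len(a: str, b: str) -> int:
    """Number of leading characters two strings have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def shared_suffix_len(a: str, b: str) -> int:
    """Number of trailing characters two strings have in common."""
    return shared_prefix_len(a[::-1], b[::-1])


def classify_paste(intended: str, pasted: str, window: int = 4) -> str:
    """Compare the address the user meant to use with the one that was pasted.

    'lookalike' means the two differ but share at least `window` characters at both
    ends, which is exactly the shape of a clipboard-swapped address. The intended
    address must come from a trusted channel (e.g. the invoice shown by the merchant),
    not from the clipboard itself.
    """
    if pasted == intended:
        return "match"
    if (shared_prefix_len(intended, pasted) >= window
            and shared_suffix_len(intended, pasted) >= window):
        return "lookalike"
    return "different"


# Constructed sample data (hypothetical scenario, not from the article)
INTENDED = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"   # genesis block address, valid Base58Check
LOOKALIKE = INTENDED[:5] + "2" * 24 + INTENDED[-5:]  # same first/last 5 chars, different middle
CORRUPTED = INTENDED[:-1] + "b"                       # one-character typo, checksum fails
UNRELATED = "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy"     # different address entirely

if __name__ == "__main__":
    for label, addr in (("intended", INTENDED), ("lookalike", LOOKALIKE), ("corrupted", CORRUPTED)):
        print(f"{label:10s} checksum ok: {is_valid_legacy_address(addr)}")
    for addr in (INTENDED, LOOKALIKE, UNRELATED):
        print(f"{addr} -> {classify_paste(INTENDED, addr)}")
```

The checksum test alone is not a defense: an attacker's replacement address is itself a perfectly valid address. What catches the swap is comparing the pasted value against the address obtained through a channel the malware cannot touch, which is why wallet software and payment pages should show the full destination address for confirmation rather than only its ends. The example covers legacy Base58 addresses only; bech32 (bc1...) addresses use a different checksum and are not validated here.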
Bitcoin Stealer is the latest threat that can monitor and change the contents of the clipboard, but it is not the first. It follows Evrial, which appeared in January 2018, according to Bleeping Computer. It also follows CryptoShuffler, which redirected $150,000 in the fall of 2017.
These stealers are examples of clipboard hijacking, an attack methodology through which hackers change the contents of the clipboard, for instance to direct browser users to a malicious site, according to Techopedia. Bad actors are also known to use a tactic called "pastejacking" to tamper with commands that are copied from a web browser and pasted into a terminal.
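As an added example (not from the article or from any of the cited vendors), the function below inspects text before it is pasted into a terminal and reports the characteristics that pastejacking variants commonly rely on: an embedded line break, which makes the shell run the command before the user can review it, invisible Unicode characters, terminal escape sequences and other control characters. It assumes those are the tricks in play; the sample strings are constructed and contain only harmless echo commands.

```python
import re
import unicodedata

# Invisible or zero-width code points that survive copy/paste (constructed list, not exhaustive)
INVISIBLE = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff", "\u00ad"}
# CSI-style terminal escape sequences such as "\x1b[2J" (clear screen)
ANSI_ESCAPE = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")


def inspect_paste(text: str) -> list:
    """Return a list of tags describing why `text` should not be pasted blindly into a shell."""
    findings = []
    if "\n" in text or "\r" in text:
        findings.append("line-break")
    if any(ch in INVISIBLE for ch in text):
        findings.append("invisible-unicode")
    if ANSI_ESCAPE.search(text):
        findings.append("ansi-escape")
    # Other C0/C1 control characters, excluding tab/newline and ESC (already reported above)
    if any(unicodedata.category(ch) == "Cc" and ch not in "\t\n\r\x1b" for ch in text):
        findings.append("control-char")
    return findings


def safe_to_paste(text: str) -> bool:
    """True when the text contains nothing that would hide or auto-execute a command."""
    return inspect_paste(text) == []


def reveal(text: str) -> str:
    """Render the text with every non-printable character shown as an escape, for review."""
    return text.encode("unicode_escape").decode("ascii")


# Constructed samples (hypothetical, not taken from any real incident)
BENIGN = "echo hello"
SUSPICIOUS = "echo hello\u200b\necho surprise"   # zero-width space plus an injected newline

if __name__ == "__main__":
    for sample in (BENIGN, SUSPICIOUS):
        print(f"{reveal(sample)!r}: {inspect_paste(sample) or 'clean'}")
```

A practical way to use this is as a wrapper on the clipboard-read command of your platform (for example piping pbpaste or xclip output through it) so that a user sees the revealed text and the findings before anything reaches the shell; the point is that what the browser rendered and what the clipboard holds are not necessarily the same text.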
How can security professionals protect against clipboard editing attacks?
Digital attackers have a long history of targeting the clipboard to steal cryptocurrency or redirect users to malware. Security professionals must therefore take steps to protect their organizations from these types of clipboard modification attacks.
In addition to searching for and blocking known indicators of compromise (IoCs) for threats such as Bitcoin Stealer, IBM Security experts recommend installing up-to-date antivirus software on all workstations. They also stress the importance of security awareness training, which teaches users to cross-check sender and recipient details (among other things), and of integrating machine learning into antivirus defenses.
Sources: Fortinet, Techopedia, Bleeping Computer