BSV
$58.4
Vol 72.62m
-5.39%
BTC
$102510
Vol 105723.97m
-1.99%
BCH
$487.52
Vol 637.35m
-7.29%
LTC
$110.3
Vol 1919.61m
-8.19%
DOGE
$0.36
Vol 6862.24m
-5.69%
Getting your Trinity Audio player ready...

Crypto enthusiasts, you’ve been warned. A technical support site, Bleeping Computer (BC), is sending a loud message to users to double-check cryptocurrency wallet addresses before sending transactions due to a serious issue with a particular piece of malware. The malware is able to redirect transactions and its creators are said to now be monitoring over two million cryptocurrency addresses.

According to a notice on the company’s website, the malware is able to monitor Windows Clipboard to check for crypto wallet addresses. BC founder and computer forensics scientist Lawrence Abrahams explained, “This type of malware, called CryptoCurrency Clipboard Hijackers, works by monitoring the Windows clipboard for cryptocurrency addresses, and if one is detected, will swap it out with an address that they control.”

BC also indicated that the malware could be monitoring up to 2.3 million addresses, all of which are at risk of being replaced by addresses that are controlled by the hackers. The malware sits in the background with no evidence that it is running, making it extremely difficult to know that a computer has been infected.

“…[It] is important to always have an updated antivirus solution installed to protect you from these types of threats. It is also very important that all cryptocurrency users to double-check any addresses that they are sending cryptocoins to before they actually send them,” said Abrahams.

The Windows Clipboard malware has been seen in the past. However, it now is making a comeback and spreading deeper. This latest version was hidden in an executable called ‘All-Radio 4.27 Portable.’ The actual program is legitimate; however, the malware authors copied it and created a fake version that includes the virus. After the application is installed, a DLL file called d3dx11_31.dll is downloaded to the Windows Temp folder and another file called ‘DirectX 11’ is queued to run the DLL as soon as a user logs onto the computer.

A video on how the infection works can be found on YouTube. While it is possible to remove the infection, the process is not an easy one and could require specialized technical assistance to ensure that all traces of the malware are removed from an infected machine.

Recommended for you

Google unveils ‘Willow’; Bernstein downplays quantum threat to Bitcoin
Google claims that Willow can eliminate common errors associated with quantum computing, while Bernstein analysts noted that Willow’s 105 qubits...
December 18, 2024
WhatsOnChain adds support for 1Sat Ordinals with new API set
WhatsOnChain now supports the 1Sat Ordinals with a set of APIs in beta testing; with this new development, developers can...
December 13, 2024
Advertisement
Advertisement
Advertisement