
Crypto enthusiasts, you’ve been warned. A technical support site, Bleeping Computer (BC), is sending a loud message to users to double-check cryptocurrency wallet addresses before sending transactions due to a serious issue with a particular piece of malware. The malware is able to redirect transactions and its creators are said to now be monitoring over two million cryptocurrency addresses.

According to a notice on the company’s website, the malware monitors the Windows clipboard for crypto wallet addresses. BC founder and computer forensics scientist Lawrence Abrahams explained, “This type of malware, called CryptoCurrency Clipboard Hijackers, works by monitoring the Windows clipboard for cryptocurrency addresses, and if one is detected, will swap it out with an address that they control.”

BC also indicated that the malware could be monitoring up to 2.3 million addresses, all of which are at risk of being replaced by addresses that are controlled by the hackers. The malware sits in the background with no evidence that it is running, making it extremely difficult to know that a computer has been infected.

“…[It] is important to always have an updated antivirus solution installed to protect you from these types of threats. It is also very important that all cryptocurrency users double-check any addresses that they are sending cryptocoins to before they actually send them,” said Abrahams.

The Windows Clipboard malware has been seen in the past. However, it is now making a comeback and spreading deeper. This latest version was hidden in an executable called ‘All-Radio 4.27 Portable.’ The actual program is legitimate; however, the malware authors copied it and created a fake version that includes the malware. After the application is installed, a DLL file called d3dx11_31.dll is downloaded to the Windows Temp folder and another file called ‘DirectX 11’ is queued to run the DLL as soon as a user logs onto the computer.

A video on how the infection works can be found on YouTube. While it is possible to remove the infection, the process is not an easy one and could require specialized technical assistance to ensure that all traces of the malware are removed from an infected machine.
