Tech 8 March 2018

Erik Gibbs

Windows Clipboard the new target for crypto hackers

Windows users beware. There’s a new threat making its way through email called ComboJack, and it’s stealing cryptocurrency.

It has been targeting computers in both Japan and the United States, making off with digital coins during transactions. The malware hides in the background, waiting for a user to send coins, at which time it steals the wallet address. Since the addresses are a long series of numbers and letters, most users simply copy and paste the address in transactions, which is when ComboJack puts itself to work.

The malware was first uncovered by researchers with Palo Alto Networks (PAN). ComboJack is a variation of another crypto thief called CryptoJack. When the wallet address is copied, it is replaced with the address of the hacker’s wallet. Victims don’t realize what has happened and, according to the platform managing the transaction, the transfer appears completely legitimate.

ComboJack is the latest in a series of coin thieves. CryptoShuffler was the first instance of a wallet pickpocket last year, but it was centered only on legacy Bitcoin (BTC). ComboJack works to steal BTC, Ethereum, Monero, Litecoin, and a number of other digital assets. The easiest way to avoid an infection is to never open email attachments from untrusted sources.

PAN issued a report detailing how the malware is distributed. A user receives an email regarding a lost passport. The email carries an attachment containing the virus, disguised as a scanned passport in PDF format. Once the PDF file is opened, the user finds only a single line of text requesting that he or she open an embedded document. That secondary document contains the remote code that exploits a Windows security flaw.

The remote code downloads a two-part file to the target machine. One part is a self-extracting executable, and the other contains password-protected components used in the creation and installation of ComboJack. A Windows tool built into the executable gives the thief system-level privileges, which it then uses to edit the computer’s registry to keep running in the background. At half-second intervals, ComboJack will check the Windows clipboard looking for a wallet address.
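The half-second polling described above leaves a recognizable trace for defenders: a copied wallet address that turns into a different address of the same coin almost immediately. The following detection sketch is an added example, not code from PAN's report or from this article; the address patterns are generic address shapes (an assumption, not ComboJack's own matching rules), the one-second window is an assumed threshold, and the clipboard snapshots are constructed sample data.

```python
import re

# Generic address shapes (assumption: not ComboJack's own matching rules).
ADDRESS_SHAPES = {
    "BTC": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "LTC": re.compile(r"[LM][1-9A-HJ-NP-Za-km-z]{26,33}"),
    "ETH": re.compile(r"0x[0-9a-fA-F]{40}"),
    "XMR": re.compile(r"4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}"),
}

def classify(text):
    """Return the coin whose address shape the clipboard text matches, else None."""
    candidate = text.strip()
    for coin, shape in ADDRESS_SHAPES.items():
        if shape.fullmatch(candidate):
            return coin
    return None

def find_swaps(snapshots, window=1.0):
    """Flag an address replaced by a different address of the same coin
    within `window` seconds. snapshots: time-ordered (seconds, text) pairs."""
    alerts = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        coin = classify(before)
        if coin is None or coin != classify(after):
            continue  # not an address-to-address change of one coin type
        if before.strip() != after.strip() and (t1 - t0) <= window:
            alerts.append({"time": t1, "coin": coin,
                           "copied": before.strip(), "now": after.strip()})
    return alerts

# Constructed sample values; none of these are real wallet addresses.
COPIED_BTC = "1" + "A" * 33
SWAPPED_BTC = "1" + "B" * 33
COPIED_ETH = "0x" + "ab" * 20
LATER_ETH = "0x" + "cd" * 20

SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, COPIED_BTC),
    (10.4, SWAPPED_BTC),  # changed 0.4 s after the copy: flagged
    (60.0, COPIED_ETH),
    (95.0, LATER_ETH),    # 35 s later: treated as a deliberate second copy
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

The same comparison works as a manual habit: check the first and last characters of a pasted address against the one that was copied before confirming a transfer.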

Hopefully by now most computer users know better than to open attachments from unknown or untrusted sources. If an email looks suspicious, it probably is, and should simply be deleted. Viruses attached to emails have been used since David L. Smith’s ‘Melissa’ virus in 1999 caused $1.2 billion in damages and losses, and have become continuously more sophisticated. Remember, it’s highly unlikely that “Aunt Sally” is going to send pictures of her parasailing trip, especially if you don’t have an Aunt Sally.

Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.
