The Merkle

Cryptocurrency Malware Education: CryptoShuffler

Cryptocurrency users all over the world are prone targets for cybercriminals. While that is a scary thought, it is also the harsh reality we have to deal with. We have seen various types of malware, Trojans, and wallet stealers surface over the past few years. CryptoShuffler is a Trojan horse which may prove to be even more dangerous than anything else we have come across so far.

CryptoShuffler is a Very Serious Threat

While most people may dismiss reports regarding cryptocurrency-stealing malware, there is no reason to do so whatsoever. In fact, there is good reason to pay attention to these developments. For all you know, you may be the next person to see money stolen due to some form of malicious software. Especially when it comes to the CryptoShuffler Trojan, there is a legitimate reason to grow concerned over what the future may hold for cryptocurrency enthusiasts.

More specifically, it seems this particular Trojan has been a cause of concern for Kaspersky Labs. The world-renowned security firm doesn’t issue warnings like this one if it doesn’t have a good reason to do so. Virtually every cryptocurrency wallet in the world is susceptible to CryptoShuffler right now, and no currency is safe whatsoever. Moreover, this Trojan has netted criminals at least US$150,000 worth of Bitcoin alone so far.

What this particular piece of malicious software does is replace the address on the user’s clipboard with a different cryptocurrency wallet address. For example, if you are sending money to and from an exchange, you may copy its address to your clipboard before entering it in your wallet. It is this copied address which is at risk of being replaced by the CryptoShuffler Trojan. As a result, once money is sent, it can’t be recovered unless there are no confirmations for the transaction yet. Even then, it becomes very difficult to negate transactions or overwrite them with the correct information.

So far, it seems this Trojan is capable of affecting both software clients as well as web-based interfaces. That in itself is pretty worrisome and should dissuade people from using their clipboard to transfer money in the first place. Cryptocurrencies are known for their QR-code based transactions, but it seems this functionality is being used less often than it should be. Not getting infected with this Trojan is also a good strategy, of course, but that is much easier said than done in most cases.

Detecting the malware on one’s computer isn’t easy either. Unlike most other malware, the CryptoShuffler Trojan doesn’t generate any suspicious system processes. Nor does it appear to use a lot of CPU power or memory either. To most people, it will simply go by unnoticed, which is exactly what makes this malware so dangerous. It is a very troublesome development in the world of cryptocurrency, yet there doesn’t appear to be a fix for this problem as of right now.

The most worrisome aspect of CryptoShuffler is that it completes its job in mere milliseconds. It seems this malware has been around since 2016 but is only now gaining traction, for some unknown reason. It is also a bit unclear how the malware is distributed exactly, although malicious email attachments seem the most likely culprit right now. It is evident we will only see more threats against cryptocurrency users in the future.