Malware Hijacks Bitcoins by Changing Clipboard-Copied Addresses
Cryptocurrency users have seen firsthand how devastating Trojans can be these days. A new threat has surfaced which goes by the name of Evrial. What makes this particular Trojan so annoying to deal with is that it can alter a Bitcoin address copied to one's clipboard. As a result, a lot of funds will eventually be sent to the wrong Bitcoin address, which is a terrible development.
This is not the first time, nor will it be the last, that Bitcoin users are confronted with a Trojan. This kind of malware has been present in the Bitcoin industry for several years now. What makes it so irritating to deal with is that every new variant purportedly offers some distinct functionality. Furthermore, security researchers have had a hard time containing these Trojans, as perpetrators have become a lot more artful in developing tools like this one.
In the case of Evrial, it seems this particular Trojan can be found across a fair few criminal forums. Bleeping Computer also states that this malware has been discovered in the wild, although it remains a mystery whether that is part of a targeted distribution campaign.
One can find Bitcoin users all over the world, and most of them take computer security very seriously. Nevertheless, when a tool like this one comes around and alters the copied Bitcoin address on one’s computer clipboard, there is very little one can do to impede the attack.
It seems the Evrial Trojan is also capable of hijacking browser cookies and browser credentials. That is not abnormal behavior for this class of Trojans, although it is another thing to worry about as far as this particular malware is concerned. Hijacking cryptocurrency payments and even Steam trades seems to be the primary aim of the malware's developers, although it is still unclear what they aspire to achieve by hijacking Steam trades as well.
Interested parties who visit criminal forums on the darknet will be able to purchase this malware for as little as $27. It is incredible how low prices for such tools have dropped in the past few months, making them far more accessible to amateur hackers.
Apparently, the malware comes packaged with a web admin panel to build the executable file. It is still up to the individual distributors to ensure that people respond to their payloads, but that is to be expected when paying such a small price for the malware purchase.
With the Evrial Trojan able to take control of the Windows clipboard, a worrying situation arises. Anyone who performs cryptocurrency payments through a desktop client or hardware wallet is potentially at risk due to this malware. After all, most users copy recipient addresses to the Windows clipboard before sending the funds. It is this copied information which can be altered by the malware. In most cases, it seems to affect Bitcoin payments only, but it's not inconceivable that some top altcoins will also be affected.
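The clipboard swap described above leaves a recognisable trace: one valid address replaced by a different valid address moments after it was copied. The following detection sketch is an added example, not code from the original article or from any tool it mentions; the addresses and clipboard timeline are constructed, the two-second window is an assumed heuristic, and only legacy Base58Check addresses are handled.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    """Encode version byte + hash160; used only to build the constructed samples."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def is_legacy_btc_address(text: str) -> bool:
    """True when text is Base58Check with a 21-byte payload and a valid checksum."""
    text = text.strip()
    if not 26 <= len(text) <= 35 or any(c not in B58 for c in text):
        return False
    n = 0
    for c in text:
        n = n * 58 + B58.index(c)
    zeros = len(text) - len(text.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[-4:] == _checksum(raw[:-4])

def find_swaps(snapshots, window=2.0):
    """Return (time, copied, replacement) for each address replaced within `window` seconds."""
    alerts, prev = [], None
    for ts, text in snapshots:
        if not is_legacy_btc_address(text):
            prev = None
            continue
        cur = text.strip()
        if prev and cur != prev[1] and ts - prev[0] <= window:
            alerts.append((ts, prev[1], cur))
        prev = (ts, cur)
    return alerts

# Constructed sample data: two synthetic addresses and a clipboard timeline.
ADDR_A = b58check_encode(b"\x00" + bytes(range(20)))
ADDR_B = b58check_encode(b"\x00" + bytes(range(20, 40)))
SNAPSHOTS = [(0.0, "meeting notes"), (10.0, ADDR_A), (10.4, ADDR_B),
             (60.0, ADDR_A), (120.0, "shopping list")]

if __name__ == "__main__":
    for ts, copied, replaced in find_swaps(SNAPSHOTS):
        print(f"t={ts}s: copied {copied} but clipboard now holds {replaced}")
```

Checksum validation alone does not catch the swap, because the substituted address is itself well formed; the signal is the rapid change from one valid address to another.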
Since no one knows Evrial's precise method of delivery, there isn't much that computer users can do right now. Presently, the best plan of action is to never download email attachments from unknown senders, to abstain from clicking dodgy links found on social media, and to keep all antivirus software installed on your computer up to date.
For now, users of other operating systems are apparently unaffected by this malware, although that situation is still subject to change.