Great News! MarketersMedia is officially entering into a long-term partnership with Vertical News Network.
Learn More
How It Works? Plans & Pricing Our Distributions Newsroom Info Hub Sign Up Sign In Send Press Release Contact Sales
Contact Sales Sign Up Your Account Send Press Release
MarketersMEDIA / Newsroom / 360 discovered a new type of actively spreading CryptoMiner, ClipboardWalletHijacker.

360 discovered a new type of actively spreading CryptoMiner, ClipboardWalletHijacker.

Share This Press Release

New CryptoMiner hijacks your Bitcoin transaction. Over 300,000 computers have been attacked.

— Recently, 360 discovered a new type of actively spreading CryptoMiner, ClipboardWalletHijacker. The Trojan monitors clipboard activity to detect if it contains the account address of Bitcoin and Ethereum. It tampers with the receiving address to its own address to redirect the cryptocurrency to its own wallet. This kind of Trojans has been detected on more than 300 thousand computers within a week.

Analysis

The main function of ClipboardWalletHijacker is a recurrent loop monitoring the content of clipboard.

https://blog.360totalsecurity.com/wp-content/uploads/2018/06/ClipboardAddressMonitor1.png

The function of the clipboard fetcher:

https://blog.360totalsecurity.com/wp-content/uploads/2018/06/ClipboardAddressMonitor2.png

If it detects the content is the address of Ethereum wallet, it replace the address with its own:

https://blog.360totalsecurity.com/wp-content/uploads/2018/06/ClipboardAddressMonitor3.png

The replacement address is "0x004D3416DA40338fAf9E772388A93fAF5059bFd5". There have been 46 successful transactions in total.

https://blog.360totalsecurity.com/wp-content/uploads/2018/06/ClipboardAddressMonitor4-1024x277.png

The most recent transactions are:

https://blog.360totalsecurity.com/wp-content/uploads/2018/06/ClipboardAddressMonitor5.png

If the address is not Ethereum, the Trojan checks if it is Bitcoin address, and the address number begins with 1 or 3.

If the current date is earlier than 8th of the month, replace the address to "19gdjoWaE8i9XPbWoDbixev99MvvXUSNZL". Otherwise, use "1FoSfmjZJFqFSsD2cGXuccM9QMMa28Wrn1" instead.

https://blog.360totalsecurity.com/wp-content/uploads/2018/06/ClipboardAddressMonitor6.png

The Trojan has successfully hijacked five Bitcoin transactions already.

https://blog.360totalsecurity.com/wp-content/uploads/2018/06/ClipboardAddressMonitor7.png

The amount of the latest transaction is 0.069 BTC (approximately equivalent to 500 US dollars).

https://blog.360totalsecurity.com/wp-content/uploads/2018/06/ClipboardAddressMonitor8-1024x197.png

The income from another address:
https://blog.360totalsecurity.com/wp-content/uploads/2018/06/ClipboardAddressMonitor9.png

Reminder

Recently, they have found that a lot of CryptoMiner Trojans are using this technique to steal victims' cryptocurrencies. We strongly recommend users to enable antivirus software while installing new applications. Users are also recommended to run virus scan with 360 Total Security to avoid falling victim to CryptoMiner.

Qihoo 360 Technology Co. Limited

Website: https://www.360totalsecurity.com

Email: support@360safe.com

Contact Info:
Name: Media Relations
Organization: Qihoo 360 Technology Co. Limited

For more information, please visit https://www.360totalsecurity.com

Source: PressReleaseAgency

Release ID: 357267

Our Client

Subscribe and Recieve exclusive insider tips and tricks on Press Release.

Follow Us

Copyright © 2012 - 2018 MarketersMEDIA – Press Release Distribution Services – News Release Distribution Services. All Rights Reserved.

Powered by Semantics BigData Analytics (SBDA).