2.3m BTC Addresses Monitored by Malware that ‘Hijacks’ Clipboards

(BleepingComputer)–There are many reasons why experts believe that cryptocurrency hasn’t yet bet adopted for mainstream use. High fees and slow transaction times make using many crypto networks for everyday transactions extremely impractical; public and private addresses (long strings of characters that are used to send and receive transactions on blockchain networks) can be confusing and intimidating to use.

The creators of a kind of malware known as cryptocurrency clipboard hijackers know this. While this particular kind of crypto malware is not new, Bleeping Computer discovered that one piece of clipboard hijacking malware was monitoring a whopping 2.3 million Bitcoin addresses.

Time to buy the dip?

Clipboard Hijackers Swap Out Crypto Addresses for Their Own

Here’s how it works: the malware monitors an operating system’s clipboard for strings of characters that resemble cryptocurrency addresses; once one is detected, the malware will swap out the address for another one that is under the control of a malicious actor.

Unless the transaction sender checks to make sure that the pasted version of cryptocurrency address they are sending funds to matches the copied version, users will unknowingly send their crypto into oblivion.

This particular kind of malware is so dangerous because of its simplicity. It won’t totally hijack your computer’s functionality, it won’t significantly slow down your CPU; instead, it quietly runs in the background, watching.

Protecting yourself against this kind of malware is fairly simple–make sure that you have a reputable antivirus software installed on your computer, and make sure that it is kept up-to-date. Avoid visiting “sketchy” websites that illegally stream video, and ensure that all files that you voluntarily download are scanned for viruses.

Crypto Malware Has Made Crypto Theft ‘Easy’

Even if you do all of this, it’s still not a bad idea to double-check and see if the cryptocurrency address that you’ve pasted is the one that you’ve copied.

In June, cybersecurity firm Carbon Black reported that thieves had stolen $1.1 billion in crypto using malware since the beginning of the year. What was even more surprising is that most of the individuals operating the malware did not seem to have any real technical know-how; they could simply purchase a piece of malware off of the deep web, and essentially just ‘plug-and-play.’

“You just have to able to log in and be able to buy the thing,” Carbon Black Security strategist Rick McElroy told CNBC. “You can call customer support and they’ll give you tips.”