BEIJING, June 14, 2018 /PRNewswire/ -- 360 Total Security is now available for cryptocurrency users worried about hijacking. Recently, 360 discovered a new type of actively spreading CryptoMiner, ClipboardWalletHijacker. The Trojan monitors clipboard activity to detect whether the content contains a Bitcoin (BTC) or Ethereum (ETH) account address. It replaces the receiving address with its own address to redirect the cryptocurrency to its own wallet. This kind of Trojan has been detected on more than 300,000 computers within a week.
The main function of ClipboardWalletHijacker is a loop that repeatedly monitors the content of the clipboard. If the content is an Ethereum wallet address, it replaces the address with “0x004D3416DA40338fAf9E772388A93fAF5059bFd5”. There have been at least 46 successful transactions at this address since this Trojan was found.
If the content is not an Ethereum address, ClipboardWalletHijacker checks whether it is a Bitcoin address instead. It hijacks Bitcoin addresses that begin with 1 or 3. The replacement address depends on the date. If the current date is earlier than the 8th of the month, the Trojan replaces the address with “19gdjoWaE8i9XPbWoDbixev99MvvXUSNZL”. At least 0.034 BTC has been hijacked to this address. Otherwise, it uses “1FoSfmjZJFqFSsD2cGXuccM9QMMa28Wrn1” instead. That address has already hijacked five Bitcoin transactions, and the hijacked amount is increasing. So far, the highest transaction amount hijacked is 0.069 BTC, approximately equivalent to 500 US dollars.
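The replacement behaviour described above can be checked for by comparing the address that was copied with the address that arrives in the destination field. The following is an added example, not code from 360 or from the Trojan; the function names are hypothetical, the sample addresses are constructed, and the address patterns test shape only (no checksum validation).

```python
import re

ETH_RE = re.compile(r"0x[0-9a-fA-F]{40}")
# Legacy Bitcoin addresses: leading 1 or 3, Base58 alphabet, 26-35 characters.
BTC_RE = re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}")

def classify(text):
    """Return 'ETH', 'BTC' or None for a clipboard string (shape check only)."""
    text = text.strip()
    if ETH_RE.fullmatch(text):
        return "ETH"
    if BTC_RE.fullmatch(text):
        return "BTC"
    return None

def normalize(text):
    """Ethereum hex is case-insensitive; Base58 Bitcoin addresses are not."""
    text = text.strip()
    return text.lower() if classify(text) == "ETH" else text

# The three replacement addresses quoted in the text above.
HIJACKER_ADDRESSES = {normalize(a) for a in (
    "0x004D3416DA40338fAf9E772388A93fAF5059bFd5",
    "19gdjoWaE8i9XPbWoDbixev99MvvXUSNZL",
    "1FoSfmjZJFqFSsD2cGXuccM9QMMa28Wrn1",
)}

def check_paste(copied, pasted):
    """Compare what the user copied with what landed in the destination field."""
    kind = classify(pasted)
    if kind is None:
        return "not-address"
    if normalize(pasted) in HIJACKER_ADDRESSES:
        return "known-hijacker"      # matches an address named in the report
    if classify(copied) == kind and normalize(copied) != normalize(pasted):
        return "swapped"             # same coin type, different address
    return "ok"

# Constructed sample values, not real wallets.
SAMPLE_ETH = "0x" + "ab12" * 10
SAMPLE_BTC = "1ConstructedSampLeAddr2345678"

if __name__ == "__main__":
    pairs = [
        (SAMPLE_ETH, "0x004D3416DA40338fAf9E772388A93fAF5059bFd5"),
        (SAMPLE_BTC, "3" + SAMPLE_BTC[1:]),
        (SAMPLE_BTC, SAMPLE_BTC),
    ]
    for copied, pasted in pairs:
        print(check_paste(copied, pasted), "<-", pasted)
```
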
Recently, 360 has found that many CryptoMiner Trojans are using this technique to steal victims’ cryptocurrencies. It is strongly recommended that users enable antivirus software while installing new applications. Users are also advised to run a virus scan with 360 Total Security to avoid falling victim to CryptoMiner.