Just one day ago, Chinese cybersecurity analysts at 360 Total Security Center issued a new warning:
Recently, 360 Security Center discovered a new type of actively spreading CryptoMiner, ClipboardWalletHijacker. The Trojan monitors clipboard activity to detect whether the clipboard contains a Bitcoin or Ethereum wallet address.
It replaces the receiving address with its own address to redirect the cryptocurrency to its own wallet.
This kind of Trojan has been detected on more than 300 thousand computers within a week.
The main function of ClipboardWalletHijacker is a loop that repeatedly monitors the content of the clipboard.
The function of the clipboard fetcher:
If it detects that the content is an Ethereum wallet address, it replaces the address with its own:
The replacement address is “0x004D3416DA40338fAf9E772388A93fAF5059bFd5”. There have been 46 successful transactions in total.
The most recent transactions are:
If the address is not an Ethereum address, the Trojan checks whether it is a Bitcoin address, that is, whether the address begins with 1 or 3.
If the current date is earlier than the 8th of the month, it replaces the address with “19gdjoWaE8i9XPbWoDbixev99MvvXUSNZL”. Otherwise, it uses “1FoSfmjZJFqFSsD2cGXuccM9QMMa28Wrn1” instead.
Check your CLIPBOARD!
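
One way to automate that check, as an added example that is not part of the 360 report: a small Python routine that compares the address a user copied with the one about to be pasted and flags the replacement addresses quoted above. The function names and the demo addresses are assumptions made for illustration, and addresses are matched by shape only (no checksum validation).

```python
import re

# Address shapes the report says the Trojan looks for.
ETH_RE = re.compile(r"0x[0-9a-fA-F]{40}")
BTC_RE = re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,33}")  # Base58, starts with 1 or 3

# Replacement addresses quoted in the report above (Ethereum one lowercased).
KNOWN_HIJACK_ADDRESSES = {
    "0x004d3416da40338faf9e772388a93faf5059bfd5",
    "19gdjoWaE8i9XPbWoDbixev99MvvXUSNZL",
    "1FoSfmjZJFqFSsD2cGXuccM9QMMa28Wrn1",
}

def classify(text):
    """Return 'eth', 'btc' or None for a clipboard string."""
    text = text.strip()
    if ETH_RE.fullmatch(text):
        return "eth"
    if BTC_RE.fullmatch(text):
        return "btc"
    return None

def normalize(text):
    """Ethereum hex is case-insensitive; Base58 Bitcoin addresses are not."""
    text = text.strip()
    return text.lower() if classify(text) == "eth" else text

def check_paste(copied, pasted):
    """Compare what the user copied with what is about to be pasted."""
    if normalize(pasted) in KNOWN_HIJACK_ADDRESSES:
        return "known-hijack-address"
    if classify(copied) is None:
        return "not-an-address"
    if normalize(copied) != normalize(pasted):
        return "address-swapped"
    return "ok"

if __name__ == "__main__":
    # Constructed, shape-only sample addresses (not real wallets).
    my_eth = "0x" + "ab" * 20
    my_btc = "1" + "A" * 33
    pairs = [
        (my_eth, my_eth),
        (my_eth, "0x004D3416DA40338fAf9E772388A93fAF5059bFd5"),
        (my_btc, "19gdjoWaE8i9XPbWoDbixev99MvvXUSNZL"),
        (my_btc, "3" + "B" * 33),
    ]
    for copied, pasted in pairs:
        print(check_paste(copied, pasted), copied[:10], "->", pasted[:10])
```
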