Cunning Malware Changes Cryptocurrency Wallet Address

The prices of major cryptocurrencies have risen recently, and once again hackers are exploiting the situation for their own benefit. AhnLab’s security experts have identified malware that changes the user’s cryptocurrency wallet address to steal cryptocurrencies.



According to AhnLab, this is how it works. The attacker identifies vulnerable websites that are easy to take over. Once in control, the attacker distributes the malware using an exploit kit, an all-in-one tool for managing various exploits. The kit allows the attacker to identify a vulnerability in the user’s system and exploit it to carry out malicious activities. When the user visits one of the compromised websites, the attacker uses the exploit kit to download the malware.


After the user’s PC is infected, the malware begins to monitor all activity for any information regarding a cryptocurrency wallet address. The attacker looks for a variety of cryptocurrency wallets, including those for Bitcoin, Ethereum, Litecoin, Zcash, and Bitcoin Cash. Once the desired information has been located, the attacker copies the address and slyly replaces it with his or her own wallet address to steal cryptocurrencies.


This attack exploits the fact that people commonly copy and paste long, complicated cryptocurrency wallet addresses instead of manually entering each character. Thus, if the user does not look closely at the wallet address, the cryptocurrency is sent straight into the attacker’s pocket, or in this case, the attacker’s cryptocurrency wallet.


AhnLab’s anti-malware solution, V3, is capable of detecting and effectively responding to this type of malware. But to prevent further damage, users should:

- Check the cryptocurrency wallet address before making any transactions
- Refrain from visiting websites that are not secure
- Maintain the latest version and apply security patches for all OS (Operating System), web browsers (IE, Chrome, Firefox), application programs (Adobe, Java), and Office SW
- Implement essential security rules by maintaining the latest version of anti-malware programs, such as V3, and enabling real-time scans
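One way to automate the "check the wallet address" rule is to compare the address that was copied with the one that actually arrived in the payment field. The sketch below is an added example, not AhnLab's or V3's code; the function names, the simplified address patterns and the sample addresses are assumptions made for illustration.

```python
import re

# Simplified, format-only patterns for three of the coins the article names.
# Assumption of this example: legacy address shapes only, no checksum check.
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
    "litecoin": re.compile(r"[LM][1-9A-HJ-NP-Za-km-z]{26,33}"),
}

# Constructed sample values, not real wallets.
COPIED = "0x" + "ab12" * 10   # address the user copied from the payee
PASTED = "0x" + "cd34" * 10   # different address that appeared on paste


def address_kind(text):
    """Return the coin whose address format the text matches, else None."""
    candidate = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return coin
    return None


def check_paste(copied, pasted):
    """Compare the copied address with what was pasted before sending funds."""
    copied, pasted = copied.strip(), pasted.strip()
    kind = address_kind(copied)
    if copied == pasted:
        return {"verdict": "match", "first_diff": None, "kind": kind}
    # Position of the first differing character (or the shorter length
    # when one string is a prefix of the other).
    first_diff = next(
        (i for i, (a, b) in enumerate(zip(copied, pasted)) if a != b),
        min(len(copied), len(pasted)),
    )
    # A different but well-formed address of the same coin is the pattern
    # the article describes; anything else is an ordinary mismatch.
    same_kind = kind is not None and kind == address_kind(pasted)
    verdict = "substituted" if same_kind else "mismatch"
    return {"verdict": verdict, "first_diff": first_diff, "kind": kind}


if __name__ == "__main__":
    print(check_paste(COPIED, PASTED))
```

A "substituted" verdict means the transaction should be stopped and the machine scanned; a format check alone cannot catch the swap, because the replacement address is itself well formed.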


Jaejin Lee, a researcher at AhnLab, said, “With the recent rise in the price of cryptocurrencies, there has also been an increase in the number of cases exploiting vulnerabilities to steal cryptocurrencies or cryptocurrency-related information. Users must be cautious before making any important financial transactions and be sure to maintain the latest version for all OS, web browsers, and application programs.”


Source: AhnLab
