Submitted via IRC for BoyceMagooglyMonkey
While cryptocurrency has seen tremendous growth over the past year, sending cryptocoins still requires users to send the coins to long and hard to remember addresses. Due to this, when sending cryptocoins, many users will simply copy the address into memory from one application and paste it into another application that they are using to send the coins.
Attackers recognize that users are copying and pasting the addresses and have created malware to take advantage of this. This type of malware, called CryptoCurrency Clipboard Hijackers, works by monitoring the Windows clipboard for cryptocurrency addresses, and if one is detected, will swap it out with an address that they control. Unless a user double-checks the address after they paste it, the sent coins will go to an address under the attacker's control instead of the intended recipient.
While we have covered cryptocurrency clipboard hijackers in the past and they are not new, most of the previous samples monitored for 400-600 thousand cryptocurrency addresses. This week BleepingComputer noticed a sample of this type of malware that monitors for over 2.3 million cryptocurrency addresses!
(Score: 3, Informative) by Snow on Thursday July 05 2018, @03:45AM
This is just a simple evolution of malware that has been around for years.
The original version would just monitor the clipboard for a bitcoin address and then substitute another. This could be noticed if the user was looking at the address when they pasted it. To get around that, this version has a list of precomputed addresses. It will continue to monitor for a bitcoin address, but this time it will take the first 3 characters and find a match in its list and use that address so when the paste happens, it looks somewhat similar.
Take a look at the last address on the list:
https://www.blockchain.com/en/btc/address/1zzzmmAGUMpkXzg5MSy8VAyzT5syt24Am [blockchain.com]
It has NO transactions. This is not a list of most active accounts. It's a list of precomputed addresses that can be swapped in quickly to make the swap more believable. It's too computationally expensive to generate a believable fake in real-time.
I'm sorry, I'm just -really- into bitcoin. I'm not trying to be argumentative or anything; I'm just really passionate about it. :)