
ComboJack Cryptojacking

Posted: May 16, 2018

The ComboJack Cryptojacking is a Trojan that monitors the Windows clipboard and swaps copied cryptocurrency wallet addresses, along with the account identifiers of some online payment services, for addresses belonging to its operators. This threat may redirect your transfers to the threat actors instead of their intended recipients, and it can interfere with buying or selling activities in the same way. Users should compare any pasted address against the one they copied before authorizing a transfer, monitor their transaction histories for unusual discrepancies, and have their anti-malware tools uninstall the ComboJack Cryptojacking if they suspect that it's present.

Reasons for Keeping an Eye on Your Copy-and-Pastes

Cryptocurrency transfer hijacking is a crime that has seen continued growth throughout 2018. While the cyber-security industry and OS vendors such as Microsoft keep adding protections against these threats, they remain profitable enough that threat actors continue to distribute them. The ComboJack Cryptojacking is exemplary of such campaigns; malware analysts trace its infection vector to spam e-mails.

Attempted installations of the ComboJack Cryptojacking arrive as attachments to e-mail messages sent to Japanese and American recipients. The messages use a 'lost passport' lure, and the accompanying document, once opened, exploits an unpatched vulnerability to drop the Trojan. Once it compromises the computer, the ComboJack Cryptojacking shows few to no symptoms but is capable of hijacking various currency-related transactions.

The ComboJack Cryptojacking watches the clipboard and, whenever the copied text matches the format of a wallet address for cryptocurrencies like Bitcoin, Litecoin, or Monero, replaces it with an address belonging to its threat actors, so the victim's own paste sends the money to the attackers without any additional work on their part. While this is the ComboJack Cryptojacking's most notable feature, malware analysts find it equally applicable to some non-cryptocurrency payment services, including Yandex Money and WebMoney, whose account identifiers it swaps the same way. Victims who neither compare the pasted address with the one they copied nor monitor their transaction histories may never realize that they're transferring money to the wrong accounts.

Keeping Your Money from Being Jacked

The ComboJack Cryptojacking isn't a unique threat; malware researchers track several others filed under the same 'cryptojacking' label, including CoinImp Cryptojacking, deepMiner Cryptojacking, Minr Cryptojacking, and the particularly prominent Coinhive Cryptojacking. Those, however, are browser-based mining scripts that steal CPU time, whereas the ComboJack Cryptojacking steals the payment itself by rewriting clipboard contents. The clipboard replacement is not an exploit in its own right: any program running in the user's session may read and write the Windows clipboard. The vulnerability in this campaign lies in the initial infection, where the attached document exploits CVE-2017-8759, a remote code execution flaw in the .NET Framework's SOAP WSDL parser, for which Microsoft released a patch in September 2017. Users who update Windows regularly already should be protected against it.

Since the ComboJack Cryptojacking limits its payload to swapping addresses on the clipboard, it has few symptoms. Comparing the pasted address, character by character, against the one you copied before authorizing a transfer can catch the swap before it causes any monetary damage; note that the substitute is itself a valid address, so a wallet's built-in format or checksum validation will not flag it. Because cryptocurrency transactions are irreversible and a refund requires the recipient to send the funds back voluntarily, any money that reaches the threat actors' wallets is effectively unrecoverable. Standard anti-malware applications also should delete the ComboJack Cryptojacking immediately without any further action from the user.
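To make the swap mechanism described above and the paste-time check concrete, here is an added Python example; it is not ComboJack's code and not from this page's author. It classifies clipboard text by address format for the currencies the page names, simulates one poll of a clipboard hijacker that overwrites an address-shaped clipboard with an attacker's address, and then applies the user-side check of comparing the pasted address with the copied one. The address patterns are simplified assumptions, the attacker addresses are constructed from filler hash values (with real Base58Check checksums, so they validate), and the payee address is the well-known Bitcoin genesis-block address.

```python
import hashlib
import re
from typing import Optional, Tuple

# Loose format patterns for the currencies the page names (assumption: the
# real sample's patterns are not reproduced here). Litecoin P2SH addresses
# also start with '3', so that prefix is ambiguous; Bitcoin is matched first.
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "litecoin": re.compile(r"[LM][a-km-zA-HJ-NP-Z1-9]{26,33}"),
    "monero": re.compile(r"4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}"),
}

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(raw: bytes) -> str:
    """Base58 encode, emitting one leading '1' per leading zero byte."""
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(text: str) -> bytes:
    """Inverse of b58encode; raises ValueError on a non-alphabet character."""
    n = 0
    for ch in text:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        n = n * 58 + idx
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + raw


def base58check_encode(payload: bytes) -> str:
    """payload = version byte + hash160; appends 4 bytes of double-SHA256."""
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return b58encode(payload + checksum)


def base58check_valid(address: str) -> bool:
    """True if the trailing 4-byte checksum matches (Bitcoin/Litecoin legacy)."""
    try:
        raw = b58decode(address)
    except ValueError:
        return False
    if len(raw) < 5:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def classify(text: str) -> Optional[str]:
    """Name the currency whose address format `text` has, or None."""
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(text):
            return name
    return None


# Attacker-controlled destinations (constructed for this example: the hash160
# bytes are filler, but the checksums are real, so the addresses validate).
# Version bytes: 0x00 = Bitcoin P2PKH ('1...'), 0x30 = Litecoin P2PKH ('L...').
ATTACKER_ADDRESSES = {
    "bitcoin": base58check_encode(b"\x00" + bytes.fromhex("deadbeef" * 5)),
    "litecoin": base58check_encode(b"\x30" + bytes.fromhex("c0ffee00" * 5)),
}


def simulate_swap(clipboard_text: str) -> str:
    """One poll of a clipboard hijacker: an address-shaped clipboard is
    overwritten with the attacker's address for that currency; anything
    else is left untouched so the user notices nothing."""
    kind = classify(clipboard_text)
    if kind in ATTACKER_ADDRESSES:
        return ATTACKER_ADDRESSES[kind]
    return clipboard_text


def check_before_send(copied: str, pasted: str) -> Tuple[bool, str]:
    """User-side check: compare the address the wallet is about to pay with
    the one that was copied. Checksum validity is reported but not trusted."""
    if copied == pasted:
        return True, "pasted address is identical to the copied one"
    kind = classify(pasted) or "unknown"
    valid = base58check_valid(pasted)
    return False, (f"pasted {kind} address differs from the copied one "
                   f"(checksum valid: {valid}); do not send")


# Constructed input: the address the user copies from the payee is the
# well-known Bitcoin genesis-block address, a genuine Base58Check string.
PAYEE_BTC = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"

if __name__ == "__main__":
    on_clipboard = simulate_swap(PAYEE_BTC)
    print("clipboard now holds:", on_clipboard)
    print(check_before_send(PAYEE_BTC, on_clipboard))
```

The point the run makes is that the swapped-in address passes the same checksum test as the genuine one, so nothing the wallet software validates distinguishes them; the only reliable signal is that the pasted text differs from what was copied. A host-side monitor can use the same polling approach as the hijacker and alert when clipboard contents change from one address to another of the same currency without a new copy action by the user.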

Users already should be aware of the dangers of opening e-mail attachments, especially documents, which can host a variety of exploits. However, the ComboJack Cryptojacking's campaign also shows that leaving a Windows patch unapplied for months after its release is a dereliction of duty that comes with wallet-based repercussions.
