
CryptoShuffler Cryptojacking

Posted: May 17, 2018

The CryptoShuffler Cryptojacking is a Trojan that hijacks links associated with cryptocurrency wallets, such as Bitcoin. Its attacks funnel money to illicit accounts and may interfere with various commercial transactions using cryptocurrency payments. Users should double-check any links before transferring money through these methods and have their anti-malware programs remove the CryptoShuffler Cryptojacking when they find it.

Doing the Wallet-Emptying Shuffle

For cybercriminals, the cryptocurrency boom is partly an incentive to install Trojans with 'mining' capabilities that exploit other people's hardware to make money. However, intercepting and redirecting Bitcoin and similar currencies can be easier than mining them, as some of the newest threats of 2018 demonstrate. Trojans like ComboJack Cryptojacking and the CryptoShuffler Cryptojacking offer better returns for their admins while avoiding most of the visible symptoms that a non-consensual mining program would produce.

Accounts associated with the CryptoShuffler Cryptojacking campaign's illicit transfers are showing over one hundred thousand USD in accumulated Bitcoin profit. This Windows program uses minor Registry edits to run automatically and, instead of mining, monitors the user's clipboard, where Windows stores copied-and-pasted data. If the user copies a URL that matches the format of a notable cryptocurrency, such as Bitcoin or Ethereum, the CryptoShuffler Cryptojacking replaces it with the threat actor's wallet address, thereby collecting the transfer of currency.

From previous analyses, malware experts are confirming that the above feature is functionally identical to the payload of ComboJack Cryptojacking. Like that separate campaign of wallet activity-hijacking attacks, the CryptoShuffler Cryptojacking exhibits almost no symptoms beyond the substitution of links that takes place during pasting. Unlike a cryptocurrency-mining threat, the CryptoShuffler Cryptojacking takes up no significant system resources and doesn't strain the CPU, GPU or other hardware.

Shuffling the CryptoShuffler Cryptojacking out the Exit Door

Spam e-mail messages and the file attachments they distribute are especially common infection vectors for threats of this classification, including some of the CryptoShuffler Cryptojacking's direct competitors. Malware experts recommend updating Windows regularly to close some of the security holes associated with these clipboard-based attacks, in addition to taking appropriate precautions whenever opening documents and other media arriving from unusual sources. Trojan droppers for the CryptoShuffler Cryptojacking could misrepresent themselves as invoices, delivery notices, news articles or office equipment messages.

Because most cryptocurrencies require mutual consent for a refund, the money the CryptoShuffler Cryptojacking collects is irretrievable. Users can protect themselves by visually confirming the wallet address before approving any transaction, as well as by entering the links manually instead of pasting them. Any anti-malware program that correctly identifies similar classes of threats should also delete the CryptoShuffler Cryptojacking safely, as long as it's active and updated.
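The clipboard-replacement behaviour described above, and the "check the address before you approve" advice in this section, both come down to one question: does the address that was pasted equal the one that was copied? The following Python script is an added example, not code from the original article or from any analysis of the Trojan. It recognises the Bitcoin and Ethereum address formats the page mentions, verifies the base58check checksum of legacy Bitcoin addresses, and classifies copy/paste pairs so that a "different but well-formed address came out" event, the hijacker's signature, stands out. The Bitcoin addresses in the sample data are well-known public ones (the block-0 coinbase address and the BIP173 test vector); every other sample value, the event list, and all function names are constructed for this example.

```python
"""Defensive check for clipboard substitution of cryptocurrency addresses.

Added example (not the page's code): compares what a user copied with what
was pasted and flags the pattern a clipboard hijacker produces, namely a
wallet address silently replaced by a different, well-formed address.
"""
import hashlib
import re

# Recognisers for the address formats the page names (Bitcoin, Ethereum).
BTC_LEGACY = re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$")  # base58check P2PKH / P2SH
BTC_BECH32 = re.compile(r"^bc1[02-9ac-hj-np-z]{8,87}$")         # segwit; format only, no bech32 checksum here
ETH_HEX = re.compile(r"^0x[0-9a-fA-F]{40}$")                     # format only, no EIP-55 checksum here

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def classify_address(text: str):
    """Return 'btc-legacy', 'btc-bech32', 'eth', or None if text is not an address."""
    text = text.strip()
    if BTC_LEGACY.match(text):
        return "btc-legacy"
    if BTC_BECH32.match(text):
        return "btc-bech32"
    if ETH_HEX.match(text):
        return "eth"
    return None


def base58check_ok(addr: str) -> bool:
    """Verify the 4-byte double-SHA256 checksum of a legacy Bitcoin address."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading_zero_bytes = len(addr) - len(addr.lstrip("1"))  # each leading '1' encodes a 0x00 byte
    raw = b"\x00" * leading_zero_bytes + body
    if len(raw) != 25:                                       # 1 version byte + 20 hash bytes + 4 checksum bytes
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return digest[:4] == raw[-4:]


def detect_swap(copied: str, pasted: str) -> str:
    """Classify one copy/paste pair.

    'not-an-address' : nothing a wallet hijacker would target
    'unchanged'      : pasted text equals copied text
    'substituted'    : a different but well-formed address came out (hijacker signature)
    'altered'        : the address turned into something that is not an address
    """
    if classify_address(copied) is None:
        return "not-an-address"
    if copied.strip() == pasted.strip():
        return "unchanged"
    if classify_address(pasted) is not None:
        return "substituted"
    return "altered"


def audit_events(events):
    """Run detect_swap over (copied, pasted) pairs; return only the suspicious ones."""
    suspicious = []
    for copied, pasted in events:
        verdict = detect_swap(copied, pasted)
        if verdict in ("substituted", "altered"):
            suspicious.append((copied, pasted, verdict))
    return suspicious


# Sample data: two real, public Bitcoin addresses plus constructed values.
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"            # real: block-0 coinbase address
MUTATED = GENESIS[:-1] + "b"                               # constructed: last char changed, checksum breaks
BIP173_VECTOR = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"  # real: BIP173 P2WPKH test vector
ETH_A = "0x" + "12" * 20                                   # constructed Ethereum-format address
ETH_B = "0x" + "ab" * 20                                   # constructed Ethereum-format address

SAMPLE_EVENTS = [                                          # constructed clipboard log: (copied, pasted)
    (GENESIS, GENESIS),                                    # honest paste
    (GENESIS, BIP173_VECTOR),                              # copied one address, a different one was pasted
    (ETH_A, ETH_B),                                        # same pattern for an Ethereum-format address
    ("meeting at 10", "meeting at 10"),                    # ordinary clipboard use, ignored
]

if __name__ == "__main__":
    for copied, pasted, verdict in audit_events(SAMPLE_EVENTS):
        print(f"{verdict}: {copied!r} -> {pasted!r}")
    print("genesis checksum ok:", base58check_ok(GENESIS), "| mutated ok:", base58check_ok(MUTATED))
```

The checksum step matters for the "entering the links manually" advice: a single mistyped character in a legacy Bitcoin address fails base58check, so a wallet that verifies it will refuse the transfer, whereas a hijacker's substituted address passes every format check and only a visual comparison against the intended recipient catches it.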

While the CryptoShuffler Cryptojacking's attacks are very specialized, the narrowing of scope is paying off for its threat actors. Where there's money, there's theft, and anyone trafficking in cryptocurrencies shouldn't forget that.
