A Trojan named Clipboard Ghost has recently been detected stealing cryptocurrencies by lurking on computers and spying on Bitcoin/Ethereum address that land in copy/paste clipboards.

Once crypto address is identified in clipboard, the Trojan will tamper the withdrawal address into the cybercrook’s BTC/ETH address. In this way, they could easily get away with bitcoin or ethereum at the cost of only some programmable strings.

The Clipboard Ghost could infect and lurk on computers all over the world through trojan downloader and spam, a large number of computers have been affected. Users had better keep their antivirus on working when access to internet.

The entry function of the Trojan is set to repeatedly read the clipboard data.

If an ETH address is monitored, it will be automatically replaced by the attacker’s address of 0x004D3416DA40338fAf9E772388A93fAF5059bFd5. 46 transactions could be seen in the address above;

If no ETH address is scanned, it will identify whether it is a BTC address (an identifier of 25-40 alphanumeric characters beginning with number 1 or 3). Two bitcoin addresses are traced for receiving these stolen bitcoins –

1FoSfmjZJFqFSsD2cGXuccM9QMMa28Wrn1

19gdjoWaE8i9XPbWoDbixev99MvvXUSNZL

Thanks to the early detection of this Trojan, the address beginning with 1Fo so far has only 5 remittance with 0.089 bitcoin roughly worth $600. More than 50,000 attacks have been intercepted and 40 million yuan (roughly $6 million) loss was avoided, according to the trojan detector.

The clipboard trojan was detected by 360 Security Center, a Chinese internet security company known for its antivirus software 360 Safeguard. The company recently made its name by discovering an epic blockchain vulnerability in EOS and it alerted the crypto community to cyberattacks by revealing that $20 million worth ether has been hacked from poorly configured ethereum mining rigs and third-party applications.