
Beware of Bitcoin Investment Emails Pushing Clipboard Hijackers

Click here to view original web page at www.bleepingcomputer.com

A new malspam campaign is under way that contains an attachment that, when executed, will install a Windows clipboard hijacker that attempts to steal Bitcoins from its victims.

This new campaign was discovered by security site My Online Security, who received a series of Bitcoin investment related emails. These emails had subject lines that included "FW: Review BTC" or "FW: Review Your New Bitcoin International Investment Update 2019" and contained an archive attachment.

SPAM Email

This archive includes a JSE file, which is a JavaScript file, that contains a Base64 encoded executable stored in the file as shown below. When the JSE file is executed, it will decode the Base64 encoded file, save it to %Temp%\rewjavaef.exe, and then execute it.

Attachment

Once executed, a file called Task.exe will be saved to the %AppData%\svchost.exe\ folder as shown below. This file will then be executed as well.

Task.exe File

To make sure that the Task.exe is started every time a victim logs into Windows, a startup file called svchost.exe.vbs will be created in the user's Startup folder.

Svchost.exe.vbs Startup Script

The Task.exe program is actually a clipboard hijacker malware that is based off the open source BitPing program created by a security researcher named A Shadow.

A cryptocurrency clipboard hijacker is malware that monitors the Windows Clipboard for certain data, and when detected, swaps it with different data that the attacker wants. In this particular case, Task.exe will monitor the Clipboard for bitcoin addresses, and if one is detected, will swap it for the 3MSghqkGW8QhHs6HD3UxNVp9SRpGvPkk5W address, which is owned by the attacker.

Clipboard Hijacker

As cryptocurrency addresses are typically long and hard to remember, attackers understand that when sending bitcoins, most people will copy an address from another page, site, or program. This malware will detect the copied address in the clipboard and replace it with their own in the hopes the victim won't notice the swap. Then when the bitcoins are sent, they would be sent to the address under the attacker's control rather than the intended recipient.

The best way to avoid malware like this is to not open attachments that you receive from strangers or that you are not expecting. Furthermore, you should never run attachments that could execute commands on the computer. This includes files with JSE, JS, VBS, CMD, PS1, EXE, or BAT extensions.

If Windows is not configured to display file extensions, it is strongly suggested that you enable the display of extensions so you do not open malicious documents or executables by mistake.
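The file locations described above (the executable in %Temp%, the %AppData%\svchost.exe\ folder and the Startup script) can be checked for on a suspect machine. The Python sweep below is an added example, not code from the original article: `sweep` is a hypothetical helper, the Startup folder path is the assumed Windows default, and its last two checks (any folder named like an .exe, any other script in Startup) generalise beyond the specific files the article reports.

```python
import os
from pathlib import Path

# File names and locations as reported in the article.
DROPPER = "rewjavaef.exe"                    # saved under %Temp%
PAYLOAD = Path("svchost.exe") / "Task.exe"   # saved under %AppData%
STARTUP_VBS = "svchost.exe.vbs"              # created in the user's Startup folder
# Assumption: default per-user Startup folder, relative to %AppData%.
STARTUP_REL = Path("Microsoft") / "Windows" / "Start Menu" / "Programs" / "Startup"
SCRIPT_EXTS = {".jse", ".js", ".vbs", ".cmd", ".ps1", ".bat"}


def sweep(temp_dir, appdata_dir):
    """Return (reason, path) findings for the campaign's on-disk artifacts."""
    temp_dir, appdata_dir = Path(temp_dir), Path(appdata_dir)
    startup = appdata_dir / STARTUP_REL
    findings = []
    for reason, path in (
        ("dropped executable", temp_dir / DROPPER),
        ("clipboard hijacker", appdata_dir / PAYLOAD),
        ("startup persistence script", startup / STARTUP_VBS),
    ):
        if path.is_file():
            findings.append((reason, str(path)))
    # Generalisation: a *folder* whose name ends in .exe mimics a system binary.
    if appdata_dir.is_dir():
        for entry in sorted(appdata_dir.iterdir()):
            if entry.is_dir() and entry.suffix.lower() == ".exe":
                findings.append(("folder named like an executable", str(entry)))
    # Generalisation: any other script that runs at logon deserves a look.
    if startup.is_dir():
        for entry in sorted(startup.iterdir()):
            if entry.suffix.lower() in SCRIPT_EXTS and entry.name.lower() != STARTUP_VBS:
                findings.append(("script in Startup folder", str(entry)))
    return findings


if __name__ == "__main__":
    temp, appdata = os.environ.get("TEMP"), os.environ.get("APPDATA")
    if temp and appdata:  # both variables are set on Windows
        for reason, path in sweep(temp, appdata):
            print(f"{reason}: {path}")
```

An empty result only means these file names are absent; a renamed variant of the same malware would not be matched by the first three checks.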

This new campaign […]

Published by
cinerama
