Clipboard: new threats to cryptocurrency transactions

Representations of the Ripple, Bitcoin, Ethereum and Litecoin virtual currencies are seen on a PC motherboard in this illustration picture, February 14, 2018. REUTERS/Dado Ruvic/Illustration

Are your cryptocurrency transactions safe? Probably not, according to the UK’s National Cyber Security Centre, which recently reported that a clipboard hijacking malware programme was observed monitoring more than 2.3 million cryptocurrency addresses.

This newly-discovered malware is capable of scanning Windows Clipboard to identify cryptocurrency addresses. Once discovered, the malware switches legitimate addresses for transactions to the attacker’s designated addresses. This malware runs in the background, yet processes transactions as if they are genuine. There are no active signs of malware infection on the targeted computer. This malware is quickly becoming a major concern for online cryptocurrency transactions.

In June alone, a single cybersecurity company identified more than 3,00,000 computers infected by the new malware. These attacks appear to be concentrated on Bitcoin and Ethereum users.

Cryptocurrency transactions, including the addresses themselves, rely on the system’s inherent complexity to maintain security, but hackers have developed easy ways to take advantage of that complexity and of user habits.

The easy link to exploit is the Windows Clipboard, where the information is temporarily stored. Users who are quick to find simple workarounds for complex security operations know that the easy thing to do with complex addresses is to copy them into the Clipboard application.

By copying these addresses from one application into Clipboard, which uses their computer’s memory as storage, users expose their information to the malware. When they later paste that address into the programme they are using to transfer the funds, the malware may have already done its damage. The malware simply sniffs out this sensitive information and replaces the address in the transfer application.
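A defensive check for the substitution described above, as an added example that is not part of the original article: before confirming a transfer, compare the address that was copied with the one that arrived in the payment field. It assumes legacy Base58Check Bitcoin addresses and 0x-prefixed Ethereum addresses; the function names and the sample addresses are constructed for illustration.

```python
import hashlib
import re
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ETH_RE = re.compile(r"0x[0-9a-fA-F]{40}")

def _checksum(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version, payload):
    """Build a legacy Bitcoin-style address (used here only to construct samples)."""
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_ok(addr):
    """True if addr decodes to 25 bytes ending in a valid 4-byte checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    if n >= 1 << 200:  # would not fit in 25 bytes
        return False
    raw = n.to_bytes(25, "big")
    return raw[21:] == _checksum(raw[:21])

def address_kind(text):
    """Classify a string as 'ethereum', 'bitcoin' or None (not an address)."""
    text = text.strip()
    if ETH_RE.fullmatch(text):
        return "ethereum"
    if text[:1] in ("1", "3") and b58check_ok(text):
        return "bitcoin"
    return None

def check_paste(copied, pasted):
    """Compare the copied address with what arrived in the payment field."""
    kinds = address_kind(copied), address_kind(pasted)
    a, b = copied.strip(), pasted.strip()
    if a == b or (kinds == ("ethereum", "ethereum") and a.lower() == b.lower()):
        return "match"
    return "substituted" if all(kinds) else "changed"

# Constructed sample addresses, generated from dummy payloads (not real wallets).
INTENDED, SWAPPED = (b58check_encode(0, bytes(range(s, s + 20))) for s in (1, 21))
print(check_paste(INTENDED, SWAPPED))  # substituted
```

A "substituted" result means one well-formed address was replaced by a different well-formed address between copy and paste, which is the behaviour the article attributes to this malware; the transfer should not be confirmed.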

Since users normally store much more personal information in Clipboard, such as passwords, identification numbers and other information, they must remain vigilant. While there is no evidence suggesting that this new malware is seeking this additional information, new exploits are constantly being developed and implemented by our adversaries — all designed to separate you from your money or exploit other system vulnerabilities. With the investment potential in cryptocurrencies continuing to grow, it is imperative that users take precautions to counter growing threats.

Remember that Clipboard is not a safe place to store your personal information. Everything in this memory system offers potential exposure. If you do use the memory to store personal information, make sure to clear the information immediately after use so that the data cannot be exploited over longer periods of time.

Make sure that devices and software, including anti-viruses, are kept up-to-date so that potential threats can be eliminated before they have time to exploit your system.

In addition, the National Cyber Security Centre offers the following additional steps to protect your system against malware and to mitigate the damage if infected.

1. When using your antivirus or anti-malware products, be sure to run full scans on your system when you plug in new USB drives, download files or install new applications. Your software should also be automated to run at least every week to conduct full scans for things that you may have missed.

2. Be sure to also protect your mobile devices. These are the most vulnerable systems, as they are constantly accessed and usually have minimal protection installed.

3. Make sure that you safely back up your important files. This is especially important in this age of ransomware, where your entire system can be locked to prevent your access until you pay the ransom. Avoid this by making sure your backup is maintained separately from your computer. If you have backed up your files to a USB drive, external hard drive or other removable media, make sure that it is not connected to or accessible from any part of your network that may be attacked by ransomware.

4. Cloud services may also be used to back up your files. However, be aware of the limitations involved in cloud services and your recovery options.

Limiting the damage

If your device has been infected with malware, these steps may help limit the impact of the infection.

1. Immediately disconnect the infected computers or devices from the network by turning off your Wi-Fi and unplugging any ethernet or connected network cables.

2. Safely reformat or replace your disk drives and reinstall the operating system.

3. Make sure you have connected the device to a clean network in order to download, install and update the operating system and all other software.

4. Install, update and run anti-virus software immediately on the new system.

5. Once these measures have been completed, it should be safe to reconnect to your network.

6. Make sure you are monitoring your network traffic and running anti-virus scans to identify new infections, or to check whether remnants of the previous infection remain.

7. Finally, make sure you back up your data for the next time.

Users should also be aware that many third-party applications can access user email accounts. When downloading a new app, understand what permissions are requested and granted. Do not permit application access to email accounts. Recent reports indicate users are granting permissions to access their email when they sign up for new email-based services. This has been especially prevalent with Google Gmail accounts.

While there have been no official reports of misuse of data obtained by third-party developers in this manner, users must be vigilant. This applies to all other downloaded applications as well.

In many cases, users will download an application to try it out, quickly agreeing to the permissions and legal terms without fully understanding them. While none of us wants to waste time on these long terms and conditions, they provide exceedingly important information about access to other applications and device hardware, all of which can be used to provide important personal information. In addition to email access, this may include access to the mobile device's GPS location or to other personal information.

(Iyengar is Director, School of Computing and Information Sciences, Florida International University; Miller is an Associate Director at Discovery Lab, FIU; Madni is Distinguished Adjunct Professor, UCLA Electrical and Computer Engineering Department)
