Cryptocurrencies have brought along many things, some of them great. But there is one we wish we’d been spared and that is the growing ingenuity of hackers in coding malware. The latest proof is a new piece called ComboJack, which sprung up recently to exploit an old vulnerability in Microsoft DirectX.
The malware, which has infected primarily American and Japanese computers, cleverly takes the form of a PDF file with an embedded DOC file that makes use of the DirectX API. It then downloads the executable payload onto the victim’s system.
Once the machine is infected, ComboJack scans the user’s clipboard every half second to see if there is anything resembling a wallet address for any number of cryptocurrencies.
If it finds one, it replaces it with what we can presume to be the infiltrator’s wallet address. This is very similar to the CryptoShuffler malware found in 2017, which exploits clipboards in the exact same manner.
However, ComboJack works with multiple cryptocurrencies and has a more subtle delivery system so the average computer user may have trouble noticing the intrusion.
“This technique relies on victims not checking the destination wallet prior to finalizing a transaction. In 2017, CryptoShuffler was the first malware to utilize this tactic. In contrast to that one, which focused on Bitcoin, ComboJack targets a range of cryptocurrencies in addition to Bitcoin, including Litecoin, Monero, and Ethereum,” according to the researchers at Palo Alto Networks.
CryptoShuffler was a much lazier version of this malware, only stealing Bitcoin and looking for anything similar to a wallet address without discernment.
Discovered by Kaspersky Lab, the malware slowly accumulated a small fortune of over 23 Bitcoins, which at the time had a value in excess of $150,000.
Since both instances of the malware depend on the victim’s ignorance, the most surefire method to avoid the loss of cryptocurrency is to verify wallet addresses after pasting them.