New clipboard hijacker malware infects more than 300.000 computers, according to Qihoo 360 total security. The malware, which the researchers named ClipboardWalletHijacker, has taken enormous amount in the last week.
The malware function is simple and difficult to observe by the user. What it does is constant control over the contents of the Windows clipboard (that is, what the user does, eg a text), and if its format resembles Bitcoin or Ethereum, it replaces it with another. Its ultimate goal ClipboardWalletHijacker is to confuse the user, sending Bitcoin or Ethereum to another address than desired. The difference is hardly understood by the user since the addresses consist of 30 + random characters. It is important to note that once a cryptogram has been sent, there is no way to recover it.
By checking the hardcoded addresses found in malware, it was noticed that there were no victims of the Ethereum address, unlike Bitcoin address, where 8 transactions totaling 0.12434321 Bitcoin (equal to approximately 700 Euro) have been completed.
But this is not the only malware that Qihoo 360 has recognized. The "TaksHostMiner", A malicious program that managed to infect more than 10.000 computers in just one day, is another finding of researchers. The program slows down computers significantly as a miner runs secretly and temporarily stops working when it detects that the task manager is running through which the user can control which process is loaded on his system. After pausing, it checks every 15 seconds if the task manager is terminated, and if so, it is running again.