Control-Alt-Steal! Hackers exploit Copy and Paste to nick £17.5m of crypto – how to avoid

OneCoin: Cryptocurrency 'scam' discussed by expert

We use your sign-up to provide content in ways you’ve consented to and to improve our understanding of you. This may include adverts from us and 3rd parties based on our understanding. You can unsubscribe at any time. More info

A “simple but effective” botnet called MyKings hijacks the function on infected machines and redirects the payments to the attackers’ wallets. Research by Avast Threat Labs found that since its creation it has been used to steal at least £17.5m of cryptos including Bitcoin, Ethereum, and Dogecoin.

The analysts said they “can’t say that’s all stolen from MyKings infections, but at least some part of that sizable sum has come from MyKings using this Copy and Paste hijacking technique to successfully funnel money”.

The scam works by infecting the function so that when someone goes to copy their details instead of replicating their’s the criminal’s ones are pasted instead.

Many people use the function because wallet account numbers tend to be long and they don’t want to make a mistake, cybersecurity expert Christopher Budd said.

Double checking the details correlate with your account, or entering them manually is one way of avoiding this scam, he said.

Speaking to Express.co.uk, he added: “This isn’t hugely widespread in terms of numbers but the trick that they use is very effective.

“I would advise people to run security software which keeps malware off your system.

“And even though wallet numbers can be chunky, it’s best to just check and make sure before you finish a transaction.

“The malware has abused Copy and Paste but it’s not misrepresenting the numbers when you see them.

DON’T MISS: 
Man, 64, explains how he’s boosting retirement income [INSIGHT]
State pension age rethink ‘not beyond realm of possibility’ [REVEALED]
Bitcoin vs Ethereum – Which cryptocurrencies have real longevity? [ANALYSIS]

“So checking is a good way to avoid this.”

Mr Budd said that the malware – which has been around since at least 2016 – is seen as a “roll of the dice” in the attacker’s eyes.

This is because most of the people they send it to either do not have crypto or do not fall victim to it.

However, there are enough who do fall foul of it to make it worthwhile, he added.

Speaking more generally about securing your computer against crypto hackers, he said: “There’s a famous quote from a gangster who was asked ‘why do you rob banks?’

“He said ‘because that’s where the money is’.

“People are going after crypto bases because that’s where the money is. They are making off with tens of millions of dollars.

“Most of the time we don’t know who has done it.

“If we did, would we be able to prosecute them? Possibly. Would we get the money back? Unlikely.

“There are risk and reward ratios and the reason why the rewards are so high with crypto is because the risks are too.

“Key things people should have security-wise are two factor authentication wherever possible including on their email addresses.

Source: Read Full Article