Combojack Steals Cryptocurrency Through Your Clipboard

This malware exploits not just security holes, but users’ habits.

Malware creators are getting awfully tricky. Combojack uses old methods of infection, and a new method to steal from users.

Users are infected through phishing emails. Typically, an email mentioning a lost passport invites the recipient to view a PDF in order to identify that passport. Once the PDF is opened, the user is presented with a single line prompting them to open an embedded document. This embedded document is what infects the device.

Once on the user’s computer, the malware begins checking the computer’s clipboard every half second. Why the clipboard? Because cryptocurrency wallet addresses are long strings of characters, and users will typically copy and paste these addresses to use them, which of course places the address in the computer’s clipboard.

Once the malware recognizes a cryptocurrency address, it simply replaces it with the attacker’s address. When the user completes their transaction, the cryptocurrency ends up in the attacker’s wallet.
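
From the defender's side, the half-second polling leaves a recognizable trace: an address on the clipboard is replaced by a different address of the same kind almost immediately after it was copied. The sketch below is an added example, not code from the article or from any analysis of Combojack; the address patterns, the one-second window and the sample clipboard snapshots are assumptions constructed for illustration.

```python
import re

# Simplified address shapes (assumed; the article names no specific formats).
ADDRESS_PATTERNS = {
    "bitcoin-legacy": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}
# The clipboard is polled every half second, so a swap follows the copy
# almost at once. One second is an assumed margin for this heuristic.
SWAP_WINDOW_SECONDS = 1.0

# Constructed sample: (seconds, clipboard text). These are not real wallets.
SAMPLE = [
    (0.00, "meeting notes"),
    (0.25, "0x" + "a1" * 20),  # user copies the payee address
    (0.50, "0x" + "a1" * 20),
    (0.75, "0x" + "b2" * 20),  # replaced 0.5 s after the copy: flagged
    (9.00, "0x" + "c3" * 20),  # a later, deliberate copy: not flagged
]


def classify(text):
    """Return the address kind if the whole clipboard text is address-shaped."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return kind
    return None


def find_swaps(snapshots):
    """Return (seconds, kind, original, replacement) for each suspicious swap."""
    alerts = []
    last = None  # (first-seen seconds, kind, address) of the current address
    for seconds, text in snapshots:
        kind = classify(text)
        if kind is None:
            last = None  # non-address content breaks the chain
            continue
        address = text.strip()
        swapped = last is not None and last[1] == kind and last[2] != address
        if swapped and seconds - last[0] <= SWAP_WINDOW_SECONDS:
            alerts.append((seconds, kind, last[2], address))
        if last is None or last[2] != address:
            last = (seconds, kind, address)
    return alerts
```

Calling `find_swaps(SAMPLE)` reports the change at 0.75 s and ignores the copy at 9 s. The same comparison, made between the address the user copied and the one about to be pasted, is what a manual check of the pasted address accomplishes.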

The best defense against this malware is quite simple: don’t open emailed documents from unknown sources. It’s surprising that, at this point in time, malware can still be delivered in such a basic way. As long as users continue to ignore such basic security practices, malware creators will continue to use these routes.

 

Source: Digital Trends

Brad

Founder & Owner of UTB Blogs. Former BlackBerry Elite. When I'm not talking or writing about BlackBerry, you'll find me using my BlackBerry.
