Trojan Switches BTC Address Copied to Windows Clipboard

Evrial Trojan can replace legitimate payment addresses and URLs with addresses under the attacker's control
22 January 2018

A new Trojan called Evrial is being sold on criminal forums and being actively distributed in the wild. Like most Trojans, Evrial can steal browser cookies and stored credentials, but this Trojan also has the ability to monitor the Windows clipboard for certain text, and if detected, modify it to something else.

Evrial was first discovered and tracked by security researchers MalwareHunterTeam and Guido Not CISSP. By monitoring the Windows clipboard for certain strings, Evrial makes it easy for attackers to hijack cryptocurrency payments and Steam trades. This is done by replacing legitimate payment addresses and URLs with addresses under the attacker's control.

According to MalwareHunterTeam, Evrial is currently being sold on Russian criminal forums for 1,500 rubles, or about $27 USD. It is stated that after purchasing the product, an attacker gains access to a web panel that allows them to build an executable program.

Translated post from a Russian forum

When Evrial detects a bitcoin address in the clipboard, it replaces that legitimate address with one under the attacker's control. The victim then pastes the replaced address into their app and clicks send. When the bitcoins are sent, they go to the attacker's address rather than to the intended recipient.

Evrial is also configured to detect strings that correspond to bitcoin, litecoin, monero, WebMoney and Qiwi addresses and Steam item trade URLs.

In addition to monitoring and modifying the clipboard, Evrial will also steal bitcoin wallets, stored passwords, documents from the victim's desktop, and a screenshot of the active windows. All of this information will be compiled into a zip file and uploaded to the attacker's web panel.

Evrial Trojan web panel

MalwareHunterTeam stated that the best way to protect yourself is to practice good computing habits.

US Authorities to Sell $4.3M Worth Seized BTC

As reported, the Bitcoins were seized during different federal investigations
18 October 2018

The US Federal Penitentiary and Marshals Service has announced an auction at which 660 bitcoins previously confiscated by law enforcement agencies will be sold. The current market value of the coins put up for sale is about $4.3 million, CoinDesk reports.

Bitcoins offered for sale were seized during federal criminal, civil and administrative investigations.

The auction will be held on November 5, and to participate in it, you must register no later than October 31 and make a deposit of $200,000.

The trades will be divided into two parts and include the sale of six blocks of 100 BTC and one more block of 60 BTC. Auction participants will not be able to view other people's bids or change their own.

The Office clarified that part of the assets put up for auction includes bitcoins that were seized during the recent investigations into the cases of the traders Teresa Tetley and Thomas Mario Costanzo. Teresa Tetley was sentenced in July to a year in prison on charges of trading in cryptocurrency without the necessary license and laundering money obtained from drug trafficking.

The Marshals do not report which part of the bitcoins seized from Tetley and Costanzo is put up for auction; however, it was previously known that 40 BTC were withdrawn from the first, and 80 BTC from the second.

Two previous major auctions for the sale of confiscated bitcoins were held in the United States in January and March of this year. In the first case, 3813 BTC were sold; in the second, 2170 BTC.