Trojan Switches BTC Address Copied to Windows Clipboard

Evrial Trojan can replace legitimate payment addresses and URLs with addresses under the attacker's control
22 January 2018

A new Trojan called Evrial is being sold on criminal forums and being actively distributed in the wild. Like most Trojans, Evrial can steal browser cookies and stored credentials, but this Trojan also has the ability to monitor the Windows clipboard for certain text, and if detected, modify it to something else.

Evrial was first discovered and tracked by security researchers MalwareHunterTeam and Guido Not CISSP. By monitoring the Windows clipboard for certain strings, Evrial makes it easy for attackers to hijack cryptocurrency payments and Steam trades. It does this by replacing legitimate payment addresses and URLs with addresses under the attacker's control.

According to MalwareHunterTeam, Evrial is currently being sold on Russian criminal forums for 1,500 Rubles or ~ $27 USD. It is stated that after purchasing the product, an attacker gains access to a web panel that allows them to build an executable program.

[Image: Translated post from a Russian forum]

When Evrial detects a bitcoin address in the clipboard, it replaces that legitimate address with one under the attacker's control. The victim then pastes that address into their app and clicks send. When the bitcoins are sent, they go to the attacker's address rather than to the intended recipient.

Evrial is also configured to detect strings that correspond to bitcoin, litecoin, monero, WebMoney and Qiwi addresses, as well as Steam item trade URLs.
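The swap described above leaves a recognisable trace: a payment-like value in the clipboard is replaced by a different value of the same kind almost immediately after it was copied. The following detection sketch is an added example, not code from the researchers or from the Trojan; the patterns, the `find_swaps` name, the 2-second window and the sample clipboard events are all assumptions constructed for illustration, and WebMoney and Qiwi are left out.

```python
import re

# Loose shape checks for some of the value types the article lists.
# Assumption: they only classify a clipboard string; no checksum validation.
PATTERNS = {
    "bitcoin": re.compile(
        r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[ac-hj-np-z02-9]{11,71})$"),
    "litecoin": re.compile(r"^[LM][1-9A-HJ-NP-Za-km-z]{26,33}$"),
    "monero": re.compile(r"^4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}$"),
    "steam_trade_url": re.compile(
        r"^https://steamcommunity\.com/tradeoffer/new/\?partner=\d+&token=[\w-]+$"),
}

def classify(text):
    """Return the kind of payment-like value in text, or None."""
    text = text.strip()
    for kind, rx in PATTERNS.items():
        if rx.match(text):
            return kind
    return None

def find_swaps(events, window=2.0):
    """events: (timestamp_seconds, clipboard_text) snapshots in time order.
    Flag a value replaced by a different value of the same kind within
    `window` seconds; a person rarely copies two addresses that quickly."""
    alerts = []
    prev_ts = prev_text = prev_kind = None
    for ts, raw in events:
        text = raw.strip()
        kind = classify(text)
        if kind and kind == prev_kind and text != prev_text \
                and ts - prev_ts <= window:
            alerts.append({"kind": kind, "copied": prev_text,
                           "now": text, "gap": round(ts - prev_ts, 3)})
        prev_ts, prev_text, prev_kind = ts, text, kind
    return alerts

# Constructed clipboard history; the address-shaped strings are placeholders.
SAMPLE = [
    (0.0, "meeting notes"),
    (5.0, "1" + "A" * 33),   # user copies a payee address
    (5.3, "1" + "B" * 33),   # different address 0.3 s later: suspicious
    (60.0, "1" + "C" * 33),  # another address a minute later: normal use
    (61.0, "hello"),
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print("possible clipboard hijack:", alert)
```

The same comparison can be done by eye: after pasting, check the first and last characters of the address against the one that was copied.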

In addition to monitoring and modifying the clipboard, Evrial will also steal bitcoin wallets, stored passwords, documents from the victim's desktop, and a screenshot of the active windows. All of this information is compiled into a zip file and uploaded to the attacker's web panel.

[Image: Evrial Trojan web panel]

MalwareHunterTeam stated that the best way to protect yourself is to practice good computing habits.

German Exchange to launch Bitcoin Products

Deutsche Boerse, the owner of the Frankfurt Stock Exchange, is deciding whether to provide cryptocurrency products
24 May 2018

Speaking in London on Wednesday at a significant industry event, Jeffrey Tessler, the firm's chief of customers, products and core markets, declared: "We are deep at work with it." Nevertheless, a move into the crypto space by the stock exchange may not come quickly. While CME Group and Cboe Global Markets both started bitcoin futures trading last December, Tessler said during the event that Deutsche Boerse is "not at the same stage." According to him, the company is first trying to understand the volatility of the bitcoin market and ensuring that clients and regulators are "in line" before moving ahead with any offerings.

While a move into offering bitcoin products is not definite, the exchange has already been active in the blockchain field. Last June, Deutsche Boerse unveiled details to CoinDesk about its plan to move the majority of its post-trade services to a blockchain. It affirmed at the time that it was interested in building a system, using Hyperledger's open-source Fabric protocol, to transfer securities and move commercial bank money while still maintaining cross-jurisdictional compliance with regulators.

Also, as recently as March, the group declared that it wishes to deploy a platform for more operative securities lending using R3's Corda blockchain tech.