CryptoShuffler malware: Hackers stole over $150,000 from numerous popular cryptocurrency wallets

Hackers targeting various popular cryptocurrency wallets have managed to steal around $150,000 (£113,250) worth of Bitcoins using a malware variant called CryptoShuffler. The malware has been around since last year and has been targeting popular cryptocurrencies including Bitcoin, ZCash, Ethereum, Monero, among others.

Although CryptoShuffler's Bitcoin wallet peaked last year, security experts at Kaspersky Lab uncovered a new campaign that began in June this year. Unlike other cryptocurrency mining malware variants, CryptoShuffler takes efforts to operate under the radar.

CryptoShuffler idly lies about on an infected user's computer, monitoring his/her clipboard. The malware merely changes the user's legitimate address in a Bitcoin wallet, replacing it with the hackers' address. The malware's activities peaked in late 2016, followed by a slump. However, a new campaign was detected in June this year.

"This Trojan clearly demonstrates that an infected computer or smartphone will not necessarily slow down or display ransom messages. On the contrary, many kinds of malware try to keep a low profile and to operate as stealthily as possible; the longer they remain undetected, the more money they will make for their creators," Kaspersky Lab said in a blog.

The malware's Bitcoin wallet currently holds 23.21 Bitcoins – valuing over $150,000. Other cryptocurrency wallets operated by the hackers running the malware were found to contain sums ranging from tens to thousands of dollars.

"The malware described is a perfect example of a 'rational' gain," Kaspersky Lab malware analyst Sergey Yunakovsky said, Bleeping Computer reported. "The scheme of its operation is simple and effective: no access to pools, no network interaction, and no suspicious processor load."