Jigsaw first entered the cryptocurrency arena in April 2016 as ransomware, meaning that it held users' files and information hostage until a ransom in Bitcoin was paid. In its most recent version, the ransomware has been revamped to steal bitcoin in an innovative and non-intrusive manner by modifying the address entered by the user. Once the malware changes the address, Bitcoin payments are redirected to the hacker's account, resulting in a loss for the original user.
Also known as 'BitcoinStealer', after references in the program's code, it changes the address held in the clipboard, the area where copied text is kept. The program also alters the user's address in such a way that the new, redirected address looks very similar to the user's original one. The attackers use programs like VanityGen to trick users by redirecting payments to similar-looking addresses.
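The substitution described above can be spotted from the defender's side by watching for one address-shaped clipboard value being replaced by a different one almost immediately. The following Python sketch is an added example, not code from Jigsaw or from any vendor; the event format, the two-second window, the three-character lookalike threshold and the sample strings are all assumptions made for illustration.

```python
import re
from os.path import commonprefix

# Shape of a legacy Base58 Bitcoin address (starts with 1 or 3); bech32 is not covered.
ADDR_RE = re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$")

def shared_affixes(a, b):
    """Lengths of the common prefix and common suffix of two strings."""
    return len(commonprefix([a, b])), len(commonprefix([a[::-1], b[::-1]]))

def find_swaps(events, window=2.0, min_affix=3):
    """Scan time-ordered (seconds, clipboard_text) events for address swaps.

    Assumption: a person rarely copies two different addresses within
    `window` seconds, so such a replacement is treated as suspicious.
    """
    alerts = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        old, new = old.strip(), new.strip()
        if not (ADDR_RE.match(old) and ADDR_RE.match(new)):
            continue  # only address-to-address changes matter here
        if old == new or t1 - t0 > window:
            continue
        prefix, suffix = shared_affixes(old, new)
        alerts.append({
            "time": t1, "copied": old, "clipboard": new,
            "shared_prefix": prefix, "shared_suffix": suffix,
            # Matching ends defeat a quick visual check of the pasted value.
            "lookalike": max(prefix, suffix) >= min_affix,
        })
    return alerts

# Constructed sample data: address-shaped strings, not real wallets.
INTENDED = "1DemoAddr9xQ2mV7cT4kWz8RbN3pHs6Ye"
LOOKALIKE = "1DemoAfG5uK2nX8dJ3wLq6ZtC9vHs6Ye"
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, INTENDED),    # user copies the recipient address
    (10.4, LOOKALIKE),   # clipboard content replaced 0.4 s later
    (95.0, INTENDED),    # user copies again much later: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

The same comparison applies at payment time: the pasted address should equal the intended one character for character, because matching first and last characters are exactly what a lookalike address is built to provide.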
This method has proven rather successful: it was reported that since Jigsaw was reintroduced, almost $61,000 has been stolen at current market prices. It was also discovered that many similar projects for 'modifying cryptocurrency addresses' were being advertised on the dark web, indicating that these forms of attack are bound to become more common.
However, these kinds of attacks were not included in the recent threat report issued by the cybersecurity firm Malwarebytes. The report stated that in the third quarter of the year, the focus is expected to shift away from cryptojacking, as hackers aren't getting the ROI on crypto mining.
It is likely that clipboard-substitution hacks of this type are going to increase, because they are a more reliable, profitable and non-intrusive method for hackers to steal cryptocurrency.