Evrial Malware Steals Bitcoins by Changing Clipboard-Copied Addresses

Cryptocurrency users have learned firsthand how destructive Trojans can be these days. It seems a new threat has emerged which goes by the name of Evrial. What makes this particular Trojan so annoying to deal with is that it can change a Bitcoin address copied to one’s clipboard. As a result, a lot of money will eventually be sent to the wrong Bitcoin address, which is a very worrisome development.

Beware of the Evrial Bitcoin-stealing Trojan

This is neither the first nor the last time Bitcoin users will be confronted with a Trojan. This sort of malware has been present in the Bitcoin industry for several years now. What makes it so annoying to deal with is that every new type seemingly offers some different functionality. Moreover, security researchers have had a hard time curbing these Trojans, as criminals have been getting a lot craftier in developing tools like this one.

In the case of Evrial, it seems this particular Trojan can be found across a fair few criminal forums. Bleeping Computer also mentions that this malware has been spotted in the wild, although it remains unclear if that is part of a targeted distributed campaign. One can find Bitcoin users all over the world, and most of them take computer security very seriously. However, when a tool like this one comes around and modifies the copied Bitcoin address on one’s clipboard, there is very little one can do to thwart the attack, unfortunately.

It seems the Evrial Trojan is also capable of stealing browser cookies and browser credentials. That is not uncommon behavior in the world of Trojans, although it is another thing to worry about as far as this particular strain is concerned. Hijacking cryptocurrency payments and even Steam trades seems to be the main objective of the malware’s developers, although it is a bit unclear what they hope to achieve by hijacking Steam trades.

Interested parties who frequent criminal forums on the darknet will be able to purchase this malware for as little as US$27. It is uncanny how low prices for such tools have dropped in the past few months, making them far more accessible to novice hackers. Apparently, the malware comes bundled with a web admin panel to build the executable file. It is still up to individual distributors to ensure people respond to their payloads, but that is only to be expected when paying such a small price for the malware in question.

With Evrial able to take control of the Windows clipboard, a very interesting situation ensues. Anyone who completes cryptocurrency payments through a desktop client or hardware wallet is potentially at risk due to this malware. After all, most users copy recipient addresses to the Windows clipboard before sending money. It is this copied information which can be altered by the malware. In most cases, it seems to affect Bitcoin payments only, but it’s not unlikely that some top altcoins will also be affected.

Since no one knows Evrial’s exact method of distribution, there isn’t much that computer users can do right now. The best course of action is to never download email attachments from unknown senders, refrain from clicking dodgy links on social media, and update any antivirus solutions installed on your computer. For now, users of other operating systems are seemingly unaffected by this malware, although that situation is always subject to change.