Researchers identify a new data-compromising Trojan that spies on Windows clipboard

Is someone spying on your Windows Clipboard?

Cyber criminals are tapping into a new Trojan that can steal sensitive information such as browser cookies and credentials.

Discovered by security specialists MalwareHunterTeam and 'Guido Not CISSP', the Trojan - dubbed Evrial - can also spy on Windows clipboard entries.

In this scenario, cyber crooks can monitor the short-term storage space for sensitive information, including Bitcoin details and passwords. They also have the ability to modify this information.

According to the researchers, hackers are selling access to the Trojan on the usual criminal forums, and its use is spreading quickly.

The researchers came across the Trojan when they were monitoring Windows Clipboard strings. They claimed that attackers are hijacking the service to compromise cryptocurrency and Steam trades - trading between users of the popular Steam gaming service from Valve Software.

Hackers are able to do this by changing legitimate payment addresses and URLs to their own addresses. As a result, they can get hold of payments.

Evrial is currently thought to be dominating Russian criminal forums, where it's being sold for around 1,500 Rubles ($27). However, criminals are preying on global targets.

In advertisements for the Trojan, sellers claim that attackers get access to a web panel where they can get control of compromised devices. Here, they can monitor clipboard modifications.

One of the Trojan's most dangerous features is that it can identify specific strings in Windows Clipboard. Hackers are able to replace these with their own, meaning they can redirect cryptocurrency payments.

However, speaking to Bleeping Computer, MalwareHunterTeam confirmed that such modifications are rare. Whatever the case, they remain a great threat.

Generally speaking, it's not easy to program Bitcoin addresses. But Windows clipboard has become an efficient way to manage them - creating a window of opportunity for the hackers.

Sneakily, hackers are using the trojan to replace legitimate Bitcoin addresses. So when victims go to use the address, they think it's real.

The researchers claimed that cyber criminals are using the Trojan not just for Bitcoin, but also people holding and mining Litecoin, Monero, WebMoney, Steam and Qiwi.