{
	"id": "dc139acf-96c7-4643-b5f4-00f0e87021e6",
	"created_at": "2026-04-06T00:09:14.901343Z",
	"updated_at": "2026-04-10T03:20:46.271105Z",
	"deleted_at": null,
	"sha1_hash": "4d87f690c0d8837f12dd980979aca2e7c9b05064",
	"title": "CryptoShuffler Stole $150,000 by Replacing Bitcoin Wallet IDs in PC Clipboards",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 648460,
	"plain_text": "CryptoShuffler Stole $150,000 by Replacing Bitcoin Wallet IDs in PC\r\nClipboards\r\nBy Catalin Cimpanu\r\nPublished: 2017-11-01 · Archived: 2026-04-05 15:47:14 UTC\r\nThe operators of a malware strain identified as CryptoShuffler have made at least $150,000 worth of Bitcoin by using an\r\nextremely simple scheme.\r\nCrooks infect users with their trojan, which then sits idly on users' computers and does nothing but watch the user's\r\nclipboard and replace any string that looks like a Bitcoin wallet with the attackers' address.\r\nWhen the victim wants to make a payment and copy-pastes the wallet ID inside a payment field, if the user doesn't notice\r\nthe new address, crooks would receive the payment.\r\nhttps://www.bleepingcomputer.com/news/security/cryptoshuffler-stole-150-000-by-replacing-bitcoin-wallet-ids-in-pc-clipboards/\r\nPage 1 of 4\n\nhttps://www.bleepingcomputer.com/news/security/cryptoshuffler-stole-150-000-by-replacing-bitcoin-wallet-ids-in-pc-clipboards/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nCryptoShuffler has been active since 2016\r\nThe trojan has been making the rounds for more than a year. Transactions to CryptoShuffler's Bitcoin wallet reached their\r\npeak in late 2016, but Kaspersky Lab detected a new campaign in June 2017.\r\n\"The malware described is a perfect example of a 'rational' gain,\" said Sergey Yunakovsky, Kaspersky Lab malware analyst.\r\n\"The scheme of its operation is simple and effective: no access to pools, no network interaction, and no suspicious processor\r\nload.\"\r\nCryptoShuffler's Bitcoin wallet currently holds 23.21 Bitcoin, worth over $150,000 at today's (record) Bitcoin price of\r\n$6,544.\r\nCryptoShuffler targets other cryptocurrencies as well\r\nBesides Bitcoin, crooks also targeted wallets for other cryptocurrencies, such as Dogecoin, Litecoin, Dash, Ethereum,\r\nMonero, and Zcash.\r\nThe funds in the wallets for the other cryptocurrencies aren't pennies either, ranging from tens to thousands of US dollars.\r\nCryptoShuffler is one of the most successful malware families targeting cryptocurrencies to date. For example, another\r\nmalware author wasted months scanning for vulnerable IIS servers to install a Monero miner, only to make $63,000. Making\r\nover $150,000 for some code that watches the clipboard and replaces a string is quite the ROI (return on investment).\r\nCryptoShuffler MD5 hash:\r\n0ad946c351af8b53eac06c9b8526f8e4\r\n095536CA531AE11A218789CF297E71ED\r\n14461D5EA29B26BB88ABF79A36C1E449\r\n1A05F51212DEA00C15B61E9C7B7E647B\r\n1E785429526CC2621BAF8BB05ED17D86\r\n2028383D63244013AA2F9366211E8682\r\n25BF6A132AAE35A9D99E23794A41765F\r\n39569EF2C295D1392C3BC53E70BCF158\r\n50E52DBF0E78FCDDBC42657ED0661A3E\r\n6EB7202BB156E6D90D4931054F9E3439\r\n7AE273CD2243C4AFCC52FDA6BF1C2833\r\n7EC256D0470B0755C952DB122C6BDD0B\r\n80DF8640893E2D7CCD6F66FFF6216016\r\nAA46F95F25C764A96F0FB3C75E1159F8\r\nB7ADC8699CDC02D0AB2D1BB8BE1847F4\r\nD45B0A257F8A0710C7B27980DE22616E\r\nD9A2CD869152F24B1A5294A1C82B7E85\r\nhttps://www.bleepingcomputer.com/news/security/cryptoshuffler-stole-150-000-by-replacing-bitcoin-wallet-ids-in-pc-clipboards/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/cryptoshuffler-stole-150-000-by-replacing-bitcoin-wallet-ids-in-pc-clipboards/\r\nhttps://www.bleepingcomputer.com/news/security/cryptoshuffler-stole-150-000-by-replacing-bitcoin-wallet-ids-in-pc-clipboards/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/cryptoshuffler-stole-150-000-by-replacing-bitcoin-wallet-ids-in-pc-clipboards/"
	],
	"report_names": [
		"cryptoshuffler-stole-150-000-by-replacing-bitcoin-wallet-ids-in-pc-clipboards"
	],
	"threat_actors": [],
	"ts_created_at": 1775434154,
	"ts_updated_at": 1775791246,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4d87f690c0d8837f12dd980979aca2e7c9b05064.pdf",
		"text": "https://archive.orkl.eu/4d87f690c0d8837f12dd980979aca2e7c9b05064.txt",
		"img": "https://archive.orkl.eu/4d87f690c0d8837f12dd980979aca2e7c9b05064.jpg"
	}
}