Scam Emails and Clipboard Hijackers Proliferate to Pilfer Bitcoin

Published on by Cryptoslate | Published on

Mentioned in this article
Receiving Bitcoin investment related emails could cause a Windows clipboard hijacker to be installed on your computer, researchers warn.

The latest scam that has shaken the crypto industry was discovered on Mar. 12th, and it resembled some of the old email marketing scams that were present in the early 2000s.

Security website My Online Security was the first to report on the scam, as the people running the website received a series of Bitcoin investment related emails.

According to Bleeping Computer, the emails had a subject line that included "FW: Review BTC" or "FW: Review Your New Bitcoin International Investment Update 2019" and contained an archive attachment.

My Online Security found that the archive included a JSE file, a JavaScript file that contains malevolent code.

Opening the JSE file will decode the encoded file, save it, and then execute a malicious file called Task.exe.

This type of malware monitors the user's Windows Clipboard for previously determined data, Bleeping Computer explained.

In the case of the Task.exe malware, the program monitors the user's clipboard for Bitcoin addresses.

This is especially dangerous for less experienced traders, as most people copy Bitcoin addresses from another page, website, or program.

Bleeping Computer advised users not to open any attachments sent by unknown addresses and never to run attachments that can execute commands on the computer, such as JSE,.EXE or.