Malware identified by Palo Alto Networks targets data placed on the system clipboard by cut, copy and paste actions. ComboJack is a trojan that can replace an unsuspecting user’s wallet data with the wallet address of an attacker.
ComboJack embeds itself on user systems; Palo Alto Networks identified phishing or malspam email as a possible source. It then frequently checks the system clipboard for copied cryptocurrency wallet information.
If a genuine wallet address is identified, it is replaced with a hardcoded wallet address presumed to belong to the attacker. Users then unwittingly paste the incorrect wallet address when making a cryptocurrency transaction and send funds to the attacker instead of their intended recipient.
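
The replacement behaviour described above leaves a recognisable trace in clipboard history: an address is copied, and moments later the clipboard holds a different address of the same kind. The following detection sketch is an added example, not code from Palo Alto Networks or from the malware; the address patterns, the two-second window and the event timeline are assumptions constructed for illustration.

```python
import re

# Assumed address shapes (not taken from the article): Bitcoin legacy Base58
# and Ethereum hex. Extend the table for other currencies.
PATTERNS = {
    "btc": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}
SWAP_WINDOW = 2.0  # seconds; assumed threshold for "replaced right after copy"

def classify(text):
    """Return the address kind the clipboard text looks like, or None."""
    text = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.match(text):
            return kind
    return None

def find_swaps(events, window=SWAP_WINDOW):
    """events: (timestamp_seconds, clipboard_text) tuples in time order.
    Flags a change from one address to a different address of the same kind
    that happens within `window` seconds of the first being copied."""
    alerts = []
    prev_ts, prev_text, prev_kind = None, None, None
    for ts, text in events:
        kind = classify(text)
        if (kind and kind == prev_kind and text.strip() != prev_text.strip()
                and ts - prev_ts <= window):
            alerts.append({"at": ts, "kind": kind,
                           "copied": prev_text.strip(),
                           "replaced_by": text.strip()})
        prev_ts, prev_text, prev_kind = ts, text, kind
    return alerts

# Constructed sample timeline; the addresses are made-up strings, not real wallets.
USER_BTC = "1UserAddr" + "A" * 22
OTHER_BTC = "1SwapAddr" + "B" * 22
SAMPLE_EVENTS = [
    (10.0, "meeting notes"),
    (42.0, USER_BTC),            # user copies the payee address
    (42.4, OTHER_BTC),           # clipboard changes 0.4 s later: flagged
    (90.0, "0x" + "ab" * 20),    # user copies an Ethereum address
    (300.0, "0x" + "cd" * 20),   # different address minutes later: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

The same comparison works at paste time: checking the pasted address against the one originally copied catches the swap before a transaction is sent.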