Malicious Software

Malicious software is anything that changes the functionality of your computer for the purpose of making someone else profit in some way. Malicious software can come in many forms, from Keyloggers to Clipboard Hijackers to RATs and Trojans.

This malware can be used to steal your funds by taking your private keys (the access key to your public address) and transferring your funds away.

How Can I Mitigate This?

To mitigate this, users should always practice safe computing habits. Here are some useful tips:

• Do not download files from e-mail or websites that you don't know or trust.
• Get in the habit of running periodic antivirus/antimalware scans on your computer.
• Do not use public networks for anything related to cryptocurrency. Public networks expose your browsing habits to anyone on the network listening for them.
• Download an antivirus and firewall software for your computer.
• Do not allow others to have unmonitored access to your computer.

Keyloggers

Keyloggers can be used to record your private keys/keystore passwords/Secret Recovery Phrases.

Clipboard Hijackers

Clipboard Hijackers can be used to for public key replacement which is an attack in which a bad actor's malware watches your clipboard and when it sees strings that resemble Ethereum, Bitcoin, Monero, or Litecoin public keys, it replaces the copied public key with their own, previously-specified public key. That way, when you go to paste it into a send box to send your funds to someone or some organization, you actually end up sending to the attacker.

Reference:

• ComboJack
• Cryptoshuffler

If you don't understand any of the terms in this article, please try referencing our Ethereum Glossary.