Computer security threats keep evolving alongside new technological tools.
These tools are increasingly sophisticated and can steal cryptocurrencies using the most surprising methods. According to reports, a Trojan called Evrial can modify the Windows clipboard at will, replacing a copied bitcoin address with one that belongs to the attacker. If a user copies an address to which they want to send bitcoins, the malware replaces it, and the user ends up sending the cryptocurrency to the address supplied by the attacker.
It is, without a doubt, an ingenious method of stealing cryptocurrencies. Evrial, discovered by researchers at MalwareHunterTeam, can also steal cookies and credentials stored in web browsers. According to the researchers, the malware is on sale in clandestine internet forums for the equivalent of US$27. Vendors say that the purchase gives an attacker access to a web panel for building an executable file that can monitor and modify the contents of the Windows clipboard. Security experts told BleepingComputer that this method differs from other malicious programs that perform similar tasks. Evrial can identify when and how to replace specific information, rather than making the change every time the user copies something. It detects when a bitcoin address is copied to the clipboard and then replaces it with an address that is under the attacker's control.
However, the malware manages to get this information pasted into a different application, which makes it more complex, they say. A user who copies a bitcoin wallet address from one place generally does so in order to paste it into another application. Evrial crosses this bridge successfully: if a bitcoin address is copied from a messaging service, for example, it is pasted in the same way into the form field of an online exchange or a desktop wallet. The malware can detect Bitcoin, Litecoin and Monero addresses, as well as those of the Qiwi and Steam services, and replace them with one supplied by a remote site that it connects to over the Internet.
Evrial is also dangerous because it can steal credentials and passwords, with the potential to steal cryptocurrency wallets and user documents, and it can take screenshots and send them to the attackers. The web browsers that Evrial targets are Chrome, Yandex, Orbitum, Opera, Amigo, Torch and Comodo. So far it is unknown how this malware is distributed, but the researchers suggest following standard IT security practices, such as not saving cryptocurrency wallet passwords on the same device, not downloading from uncertified or unknown servers, and running antivirus software to block attacks.
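The clipboard replacement described above can be spotted from the defender's side by looking for an address-shaped value that is overwritten by a different address of the same kind almost immediately after it was copied. The following is an added example, not code from the article or from the researchers it cites; the `ClipEvent` record, the one-second window and the approximate address patterns (Bitcoin, Litecoin and Monero only) are assumptions, and the events are constructed sample data.

```python
import re
from dataclasses import dataclass

B58 = "[1-9A-HJ-NP-Za-km-z]"  # Base58 alphabet (no 0, O, I, l)
# Approximate address shapes (assumption: legacy formats, no checksum check).
SHAPES = {
    "bitcoin": re.compile(rf"^[13]{B58}{{25,34}}$"),
    "litecoin": re.compile(rf"^[LM]{B58}{{26,33}}$"),
    "monero": re.compile(rf"^4[0-9AB]{B58}{{93}}$"),
}

@dataclass
class ClipEvent:
    ts: float   # seconds since monitoring started
    text: str   # clipboard text after the change

def classify(text):
    """Return the coin whose address shape the text matches, or None."""
    value = text.strip()
    for kind, pattern in SHAPES.items():
        if pattern.match(value):
            return kind
    return None

def find_swaps(events, window=1.0):
    """Flag an address replaced by a different same-kind address within `window` s."""
    alerts = []
    for prev, cur in zip(events, events[1:]):
        kind = classify(cur.text)
        if (kind is not None and kind == classify(prev.text)
                and cur.text.strip() != prev.text.strip()
                and cur.ts - prev.ts <= window):
            alerts.append((kind, prev.text.strip(), cur.text.strip()))
    return alerts

# Constructed sample data: placeholder strings shaped like addresses, not real ones.
COPIED = "1SenderCopiedThisAddrXXXXXXXXXXXX"
SWAPPED = "1DifferentAddrNotCopiedByUserXXXX"
LATER = "3UserCopiedSecondAddrLaterXXXXXXX"
SAMPLE = [
    ClipEvent(10.0, "meeting notes"),
    ClipEvent(20.0, COPIED),
    ClipEvent(20.2, SWAPPED),   # changed 0.2 s after the copy: flagged
    ClipEvent(95.0, LATER),     # a later, deliberate copy: not flagged
]

if __name__ == "__main__":
    for kind, before, after in find_swaps(SAMPLE):
        print(f"possible clipboard swap ({kind}): {before} -> {after}")
```

The same comparison applies manually: check the pasted address against the source before confirming a transfer.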