An old friend has reared its ugly head. First mentioned on TechTalk in 2016, JIGSAW has made a reappearance with a few updated tweaks. This old form of ransomware has been altered to steal Bitcoin by changing wallet addresses so that payments are sent to the hacker’s account.
JIGSAW was infamous for displaying on victims' screens the face of its namesake from a popular horror film. Originally reported by Fortinet, the new variant appeared with similar malware rules, except that it did not demand payment. Instead, the ransomware was collecting it on its own.
The source code for JIGSAW was copied and pasted by several hackers and widely distributed. It is unlikely the original creator is the person behind the mutation. Anyone with C# coding skills can change JIGSAW into whatever they envision. In this case, they modified it so that it became a new type of cryptojacking.
Out of old code, BitcoinStealer is created
This JIGSAW hybrid looked to take advantage of the ever-popular Bitcoin with a huge payoff in mind. Referred to as “BitcoinStealer,” the malware modifies a Bitcoin wallet address held in the clipboard, so the currency is redirected to the hacker.
Source: TechTalk, Valerie Rivera