Download Trust Wallet

How to Detect Malware and How to Stop it From Stealing Your Crypto

Updated on: Nov 17, 2023
Share post
In Brief

In this guide, we explain what malware is, identify the main types of crypto malware out there, and teach you how to protect yourself.

How to Detect Malware and How to Stop it From Stealing Your Crypto

Criminals are now using malicious software designed to drain crypto from infected systems. Read on to avoid becoming the next victim.

What is Malware?

In 2017 a piece of malware called WannaCry infected more than 300,000 computers across 150 countries. It brought major companies to their knees and caused more than $4bn worth of damage. Welcome to malware — the term for ‘malicious’ software purposefully designed to gain unwanted access to a computer system and cause digital damage.

Malware usually infects machines after users have been tricked into clicking a bad link or installing a program they shouldn’t have. More often than not the goal of those behind malware is to make money from their victims.

In the case of WannaCry once a computer was infected all the data on it would be encrypted. Users were then unable to access their own information. They would instead be faced with a demand to pay a ransom in bitcoin to have their data unlocked and control of their computer returned to them.

A lot of the mainstream reporting on malware is about how cybercriminals often demand cryptocurrencies when extorting payments from victims.

For example, in May 2021, a hacking group called DarkSide carried out a malware attack on the systems needed to operate the Colonial Pipeline, which carries millions of barrels of fuel per day between Texas and New York. The pipeline’s owners had to pay nearly $5m in crypto in exchange for the software decryption key needed to unscramble their data.

However, for cryptocurrency users, there is a less discussed but equally as important issue when it comes to the topic of malware. The focus here shouldn’t be on malware that could lock your data in exchange for crypto.

Rather, it’s the existence of malicious software specifically designed to steal your crypto funds.

Common Crypto Malware Tactics You Should Know About

The three most common types of crypto malware tactics are:

All of these are ways you can lose your crypto because of malware. Let’s break down how.

1. Wallet-stealing malware

This is malicious software designed to search an infected user’s computer for “wallet.dat” and other important files related to your crypto. The wallet.dat file contains crucial pieces of info, such as your private and public keys, scripts, and metadata.

Any significant wallet files are transferred to a remote server. The criminals behind the wallet-stealing malware then extract the keys and drain the funds to their own wallet.

The victim’s wallet is empty before they even realize they’ve been infected.

One example of this attack is a piece of malware called InnfiRAT. The name makes more sense when you realize RAT stands for “remote access trojan”.

‘Remote access’ because it lets the criminals do just that — access your system remotely. And ‘trojan’ because the software enters your system disguised as something else. It could be hidden inside an email attachment or application download. This lets the malware get past your defenses (like the Trojan Horse of Greek mythology).

2. Credential-stealing malware

This is malicious software that grabs your login credentials without you knowing.

This type of malware existed before crypto and was previously used to steal login credentials for people’s online banking. With the rise of crypto, it has been retooled to capture credentials for people’s online wallets and exchanges instead.

In short, this malware gives criminals a way to access any crypto assets you may have stored in places that use a login and password.

This is part of the same family of software as the wallet-stealing malware. And so it is often delivered in a similar fashion — bad links, infected attachments, or dodgy downloads.

However, this time the attack is very much focused on stealing your login credentials so those behind the malware can empty exchange wallets without your knowledge.

3. Man-in-the-browser attacks

These are a little bit more subtle. In the previous examples, the malware enters your computer system to extract files or data. With the most popular man-in-the-browser attack the malware is actually inserting data in order to steal your funds.

This is done by compromising your system’s clipboard.

The malware recognizes when you are copying a Bitcoin address to your clipboard. When you then paste that address to send your funds it inserts the criminal’s address instead.

As a result, you end up sending your assets to the wrong place. And because it’s crypto there’s no way of ever recovering them.

In May 2021, the Palo Alto Networks cybersecurity firm reported that a malicious app called ‘WeSteal’ is being sold to criminals online. Its main selling point is the ability to switch out Bitcoin and Ethereum addresses whenever they’re copied and pasted by an infected user.

How to Protect Yourself from Crypto Malware: Six Best Practices

Now you know what malware is, how it works, and how it can steal crypto from you. The next step is to think about how best to defend yourself against these attacks.

Step one: a good place to start is with antivirus software. This is software purposefully designed to prevent, detect and remove malware from your system.

Make sure you get your antivirus software from a reputable brand and established provider.

However, a study by the Dell SecureWorks cybersecurity company found that the average rate of detection of known crypto malware is only 48 percent across the different antivirus options out there. So don’t relax thinking this line of defense is enough on its own.

Step two: credential-stealing malware exists to drain funds from your exchange wallets and other password-protected locations. Protect yourself by implementing two-factor authentication (2FA) on all your accounts.

This means if malware steals your credentials the criminal will still be lacking the one-time PIN needed to log in.

Be careful, though. More advanced malware can intercept the 2FA data once it is created and then send that to the person trying to access your accounts and funds.

Step three: to combat the more advanced 2FA-beating malware it’s important not to leave large amounts of crypto on exchanges. They’re great services for trading crypto. But don’t use an exchange wallet as a place to store your crypto.

This way you have nothing to lose — even if the malware gets past your antivirus software, steals your credentials, and overcomes your 2FA.

Step four: always triple-check the wallet address you are about to send funds to. This isn’t the most sophisticated or technological of defenses. But the man-in-the-browser attack that hijacks your clipboard relies on users not bothering to check precise details.

Don’t rely on technology too much. Check the wallet address is always correct before hitting send. Sure, it’s an added hassle, but it’s an easy way to avoid a terrible mistake.

Step five: be sure to protect your wallet with a strong passphrase. Don’t leave your wallet without the extra layer of defense this action offers. If you put a passphrase in place then it can help stop criminals from decrypting the private keys if the data file is stolen.

However, cybersecurity studies have shown that some of the wallet-stealing malware out there is now packaged with a keylogger. This records the wallet file’s passphrase when keyed in by the user and sends it to the thief.

Step six: the one thing cybercriminals can’t counter is avoiding malware infecting your devices in the first place. Cybersecurity researchers repeatedly emphasize that malware is often downloaded through infected applications or email attachments.

Once your system’s been compromised your funds are usually gone before you even realize anything’s wrong.

As such, the golden rule is to never click on anything you haven’t verified. Malware feeds off people being too casual in their behavior.

Be extremely careful of which sites you visit. Always think twice before downloading anything. And, if possible, download anything you’re not 100% sure of using a separate device from the one where you store your crypto.

Securely Store Your Crypto using Trust Wallet


Trust Wallet is the most trusted and secure non-custodial mobile wallet for bitcoin and other cryptocurrencies.

Keep your crypto safe in your mobile wallet — complete with added passcode security. It’s been carefully designed to protect your holdings.

This also means you can use your desktop or laptop when downloading any email attachments or questionable applications safe in the knowledge your crypto is stored elsewhere.

The beginner-friendly app allows you to securely store digital assets and comes with an in-app DApp Browser to provide you with mobile access to Web3.0 applications.

And remember, malware is usually delivered via infected applications. So be sure to stay safe and only download Trust Wallet via the official website:


Join the Trust Wallet community on Telegram Follow us on X (formerly Twitter) Instagram Facebook Reddit

Note: Any cited numbers, figures, or illustrations are reported at the time of writing, and are subject to change.

Simple and convenient
to use, seamless to explore

Download Trust Wallet