1. Home
  2. VPN / Privacy
We are reader supported and may earn a commission when you buy through links on our site. Learn more

CryptoShuffler Trojan – How to Keep Your Wallet Protected

The CryptoShuffler Trojan is a dire threat to your cryptocurrency wallet that you might not even realize you’re the victim of. Today we’ll show you how this malware works, how you can detect it, and how to remove it from your device. We’ll also show you how to boost your cybersecurity online with a VPN.

Cryptocurrencies such as Bitcoin and Ethereum are getting a lot of attention. Anyone with a powerful computer can mine these digital currencies and convert them to standard cash, a process that’s making a lot of people a lot of money. The ease of cryptocurrency mining has its drawbacks, unfortunately. One such failing is the CryptoShuffler trojan, a piece of malware that replaces a coin miner’s wallet ID so all their hard earned crypto money is funneled into someone else’s pockets.

Overview of Cryptocurrency Mining

Cryptocurrency has a well-deserved reputation for being complex and difficult to understand. While this is certainly true for the inner workings of blockchains and cryptography verification, you don’t need to be a netsec expert to mine a few digital currencies. With a computer and a simple piece of software, you can set any number of devices to peck away in the virtual mines to make a little money while you sleep.

Bitcoin is one of the most popular and certainly the best-known of all the cryptocurrencies, but there are thousands of publicly traded digital coins out there on the market. Each one works in about the same way.

First, a payment takes place out of a user’s wallet, such as paying for a VPN subscription. The transaction is broadcast to the coin’s network where miners solve cryptography puzzles to verify the transaction and submit proof to the public network. That transaction is linked to other verified transactions in what is called the blockchain. Next, other miners verify that block’s integrity, and the process continues down the line. Checks and balances keep the network’s integrity intact, making cryptocurrencies an incredibly useful digital-only money that’s both easy and safe to use for payments online.

RELATED READING: Best VPN to Pay with Bitcoin Safely

How the CryptoShuffler Trojan Works

CryptoShuffler is an insidious piece of malware that’s so simple it might make you scoff. One of the steps everyone takes when they mine bitcoins is to enter a wallet address into their software. This is the crypto equivalent of entering bank account details to get paid.

Wallet addresses are long strings of numbers and letters that look like a crazy complicated password: 1Mz7153HmmUnZ3XTuR2R1t78mGSdzaAtWX. No one’s going to type that in manually; they’re just going to copy/paste it into their mining software. And that’s where CryptoShuffler steps in.

The CryptoShuffler trojan quietly sits on your computer and monitors the clipboard. When it sees a string of text that looks like a cryptocurrency wallet, it replaces it with another wallet address. If the miner isn’t paying attention all of their coins will be deposited directly into the trojan author’s account. It sounds too basic to work, but since 2016 CryptoShuffler has stolen an estimated $150,000 across various cryptocurrencies.

Do I Have the CryptoShuffler Malware?

In all likelihood your computer isn’t infected with the CryptoShuffler trojan. It’s not too common, and it only affects people who actively mine cryptocurrency. The malware doesn’t steal information or hold your device for ransom, it just quietly replaces pasted wallet addresses and collects the resulting revenue. A good virus scanner can easily detect the trojan and remove it, so don’t hesitate to fire up your anti-virus app just to be on the safe side.

How to Protect Yourself from CryptoShuffler

If you do use or mine digital coins such as Litecoin, Bitcoin, Monero, Ethereum, or Zcash, CryptoShuffler is something you should be aware of. The good news is that it’s one of the easiest viruses to detect and remove. The trojan depends on user error to function properly, so a little attention and a few precautions are all you need to keep your Bitcoin wallet safe.

Double Check Your Crypto Wallet

The easiest way to protect yourself from CryptoShuffler is to double check your wallet address after pasting it. You don’t need to memorize the entire string, just look at the first few digits when you copy, then make sure they’re the same after you paste. You can also avoid using the clipboard entirely by typing wallet addresses by hand, but any errors may lead to invalid entries or accidentally deposit the coins into someone else’s wallet.

Keep Your Anti-Virus Scanner Active

A lot of people think anti-virus programs eat up a ton of system resources and don’t need to run in the background. They couldn’t be more wrong. Active scanners check files you download and run, watching for suspicious patterns and stopping viruses in their tracks. If you disable your scanner you’re essentially inviting malware onto your system. Always keep it active, and perform regular scans to catch any sneaky viruses before they become a problem.

Install the Right Browser Extensions

Some trojans and viruses are delivered through scripts that run in your browser. Most of them depend on users clicking fake links or running certain programs while connected, but there are others that hijack forms or send you to other sites that shift malware onto your system. By installing a few trusted browser extensions, however, you can head off most of these malicious attacks before they even begin.

  • uBlock Origin – One of the best adblocking extensions around. Stops most banners, pop-ups, pop-unders, and even script-based miners from loading.
  • Privacy Badger – An incredible script blocking extension that prevents sites from running bad code or tracking you across the web.
  • HTTPS Everywhere – A security extension that forces websites to use encrypted connections to keep you safe from data leaks.

Be Careful on Torrenting Sites

Another common method of distribution for trojans is attaching them to files downloaded from P2P and torrent sites. You may think you’re downloading an app or a game, but what you’re really getting is a virus installation program. The best way to protect yourself here is to avoid downloading anything that might be pirated.

Virus authors like to distribute their malware with popular cracked software, including PC games and programs like Adobe Photoshop. When you run the downloaded files the virus is quietly placed on your system, ready to attack. Stick with legitimate sources at all times and you won’t have to worry about malware stealing your Bitcoin profits.

READ ALSO: How to Recognize Malware Links (and What to Do if You Accidentally Click)

Remove CryptoShuffler with Anti-Virus Software

Most virus scanners have long since been updated with the necessary definitions to search for, quarantine, and remove the CryptoShuffler trojan. It isn’t a stubborn virus by any means, so anti-virus programs can make quick work of it. If you keep your anti-virus app running, it should have kept you safe from this trojan making its way onto your system. You can always run a full scan just in case. Follow the steps below to check your system and remove CryptoShuffler.

  1. Open your device’s virus scanner.
  2. Find the settings page and choose “Update virus definitions
  3. Run a full system scan. This may take up to an hour.
  4. When the scan is complete your software will quarantine and remove any malware.
  5. To see if you had CryptoShuffler, check your definitions for an entry named Trojan-Banker.Win32.CryptoShuffler.gen

Best VPNs for Secure Cryptocurrency

Cryptocurrencies are slowly leaving the niche geek world and becoming a mainstream obsession. Software companies have sprung up to provide mining services, data collection, and even Bitcoin debit cards, all of which push these currencies into the spotlight. As more stores accept crypto payments, more malicious parties will arise to take advantage of unsuspecting users.

VPNs won’t directly stop programs like CryptoShuffler, but they do provide an incredible amount of online privacy and security. Running a VPN means every piece of data that leaves your device gets encrypted, scrambling the information so no one can read it. VPNs also swap your physical IP address with a virtual one to help defeat geo-locating blocks and keep your identity safe. They’re indispensable tools in the modern digital world, and they’re extraordinarily easy to use, too.

You don’t have to tear your hair out when researching a good VPN. We’ve added a few recommended services below, all based on the following criteria. Read up on their strengths and choose the one that best suits your needs. No matter which VPN you sign up for, you’ll enjoy a safer and more private internet experience.

1. ExpressVPN

ExpressVPN - Editors choice

ExpressVPN knows a fast connection is everything when it comes to browsing the internet. If you want to stream a movie, watch Netflix, or download large files, you need all the speed you can get. ExpressVPN is one of the fastest VPNs in the world, offering lightning-fast downloads no matter where you live. Their robust server network extends 3,000+ nodes to 94 countries worldwide, offering premium utility and performance. You’ll also get incredible privacy features to help you stay safe, including 256-bit AES encryption, and a zero-logging policy on traffic, DNS requests, and IP addresses!

Read our full ExpressVPN review.

  • Unblocks US Netflix
  • Fast serves with minimal speed loss
  • OpenVPN, IPSec & IKEv2 Encryption
  • Strict no-logging policy
  • 24/7 Customer Service.
  • Month-to-month plan has high cost.
BEST FOR CRYPTOCURRENCY: ExpressVPN delivers military grade protection without bogging down your Internet connection speed. Get 3 months free and save 49% on the annual plan. 30-day money back guarantee included.

2. NordVPN


The size of a VPN’s network directly impacts your daily internet usage. The more servers a company offers, the more options are at your disposal. NordVPN has one of the largest networks in the business, running nearly 5,800 high-quality servers in 60 different countries, many specialized for specific use cases like P2P, multi-hop encryption, anti-DDoS and more. No matter where you work, live, or travel, with NordVPN you’ll be able to access a fast and secure server without any hassle.

Read our full NordVPN review.

  • Highly affordable plans
  • GooglePlay users rating: 4.3/5.0
  • Allows up to 6 devices to be connected at once
  • Retains no metadata of your browsing
  • Live chat support is available.
  • They can take 30 days to process refunds.
BEST BUDGET VPN: Get a huge 70% discount for signing up for the 3-year plan, taking the monthly price down to only $3.49. Also note that all plans come with a “no hassle” 30-day money-back guarantee.

3. VyprVPN


VyprVPN goes to extreme lengths to provide incredible privacy features. It starts with the Chameleon protocol, an exclusive piece of technology that wraps metadata in an extra layer of encryption, defeating censorship blocks and geo-restricted content in an instant! Combine that with 256-bit AES encryption on all devices, DNS leak protection, and a zero-logging policy that covers both traffic and DNS requests and you’ve got the makings of a super private VPN!

Read our full VyprVPN review.

READER SPECIAL: All plans include a 30-day money back guarantee at only $5/month.


The CryptoShuffler Trojan was something of a surprise. How could something so simple be so effective? With the right tools and a little attention, you can keep yourself safe from malicious code like CryptoShuffler. Do you have any favorite methods you deploy to keep trojans at bay? Let us know in the comments below!

How to get a FREE VPN for 30 days

If you need a VPN for a short while when traveling for example, you can get our top ranked VPN free of charge. NordVPN includes a 30-day money-back guarantee. You will need to pay for the subscription, that’s a fact, but it allows full access for 30 days and then you cancel for a full refund. Their no-questions-asked cancellation policy lives up to its name.

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.