1. Home
  2. VPN / Privacy
We are reader supported and may earn a commission when you buy through links on our site. Learn more

CryptoShuffler Trojan – How to Keep Your Wallet Protected

The CryptoShuffler Trojan is a dire threat to your cryptocurrency wallet that you might not even realize you’re the victim of. Today we’ll show you how this malware works, how you can detect it, and how to remove it from your device. We’ll also show you how to boost your cybersecurity online with a VPN.

Guard your crypto wallet and unblock exchanges anywhere with these VPNs:

  1. NordVPNBest Cryptocurrency VPN – NordVPN offers unparalleled Internet security, with unbreakable NordLynx encryption, leak-proof servers, and zero logging. Unblock exchanges, hide your transactions, and even pay for your VPN in crypto with NordVPN.
  2. Surfshark – The newest VPN on our list is also one of the best, with powerful privacy provisions and blocking of malware links.
  3. ExpressVPN – An exceptional all-round VPN with premium speeds, unstoppable tunneling, and transparent practices on how they handle your data.
  4. VyprVPN – 100% provider owned network and proprietary Chameleon encryption offer the ultimate anonymity online.

Cryptocurrencies such as Bitcoin and Ethereum are getting a lot of attention. Anyone with a powerful computer can mine these digital currencies and convert them to standard cash, a process that’s making a lot of people a lot of money. The ease of cryptocurrency mining has its drawbacks, unfortunately. One such failing is the CryptoShuffler trojan, a piece of malware that replaces a coin miner’s wallet ID so all their hard earned crypto money is funneled into someone else’s pockets.

Overview of Cryptocurrency Mining

Cryptocurrency has a well-deserved reputation for being complex and difficult to understand. While this is certainly true for the inner workings of blockchains and cryptography verification, you don’t need to be a netsec expert to mine a few digital currencies. With a computer and a simple piece of software, you can set any number of devices to peck away in the virtual mines to make a little money while you sleep.

Bitcoin is one of the most popular and certainly the best-known of all the cryptocurrencies, but there are thousands of publicly traded digital coins out there on the market. Each one works in about the same way.

First, a payment takes place out of a user’s wallet, such as paying for a VPN subscription. The transaction is broadcast to the coin’s network where miners solve cryptography puzzles to verify the transaction and submit proof to the public network. That transaction is linked to other verified transactions in what is called the blockchain. Next, other miners verify that block’s integrity, and the process continues down the line. Checks and balances keep the network’s integrity intact, making cryptocurrencies an incredibly useful digital-only money that’s both easy and safe to use for payments online.

RELATED READING: Best VPN to Pay with Bitcoin Safely

How the CryptoShuffler Trojan Works

CryptoShuffler is an insidious piece of malware that’s so simple it might make you scoff. One of the steps everyone takes when they mine bitcoins is to enter a wallet address into their software. This is the crypto equivalent of entering bank account details to get paid.

Wallet addresses are long strings of numbers and letters that look like a crazy complicated password: 1Mz7153HmmUnZ3XTuR2R1t78mGSdzaAtWX. No one’s going to type that in manually; they’re just going to copy/paste it into their mining software. And that’s where CryptoShuffler steps in.

The CryptoShuffler trojan quietly sits on your computer and monitors the clipboard. When it sees a string of text that looks like a cryptocurrency wallet, it replaces it with another wallet address. If the miner isn’t paying attention all of their coins will be deposited directly into the trojan author’s account. It sounds too basic to work, but since 2016 CryptoShuffler has stolen an estimated $150,000 across various cryptocurrencies.

Do I Have the CryptoShuffler Malware?

In all likelihood your computer isn’t infected with the CryptoShuffler trojan. It’s not too common, and it only affects people who actively mine cryptocurrency. The malware doesn’t steal information or hold your device for ransom, it just quietly replaces pasted wallet addresses and collects the resulting revenue. A good virus scanner can easily detect the trojan and remove it, so don’t hesitate to fire up your anti-virus app just to be on the safe side.

How to Protect Yourself from CryptoShuffler

If you do use or mine digital coins such as Litecoin, Bitcoin, Monero, Ethereum, or Zcash, CryptoShuffler is something you should be aware of. The good news is that it’s one of the easiest viruses to detect and remove. The trojan depends on user error to function properly, so a little attention and a few precautions are all you need to keep your Bitcoin wallet safe.

Double Check Your Crypto Wallet

The easiest way to protect yourself from CryptoShuffler is to double check your wallet address after pasting it. You don’t need to memorize the entire string, just look at the first few digits when you copy, then make sure they’re the same after you paste. You can also avoid using the clipboard entirely by typing wallet addresses by hand, but any errors may lead to invalid entries or accidentally deposit the coins into someone else’s wallet.

Keep Your Anti-Virus Scanner Active

A lot of people think anti-virus programs eat up a ton of system resources and don’t need to run in the background. They couldn’t be more wrong. Active scanners check files you download and run, watching for suspicious patterns and stopping viruses in their tracks. If you disable your scanner you’re essentially inviting malware onto your system. Always keep it active, and perform regular scans to catch any sneaky viruses before they become a problem.

Install the Right Browser Extensions

Some trojans and viruses are delivered through scripts that run in your browser. Most of them depend on users clicking fake links or running certain programs while connected, but there are others that hijack forms or send you to other sites that shift malware onto your system. By installing a few trusted browser extensions, however, you can head off most of these malicious attacks before they even begin.

  • uBlock Origin – One of the best adblocking extensions around. Stops most banners, pop-ups, pop-unders, and even script-based miners from loading.
  • Privacy Badger – An incredible script blocking extension that prevents sites from running bad code or tracking you across the web.
  • HTTPS Everywhere – A security extension that forces websites to use encrypted connections to keep you safe from data leaks.

Be Careful on Torrenting Sites

Another common method of distribution for trojans is attaching them to files downloaded from P2P and torrent sites. You may think you’re downloading an app or a game, but what you’re really getting is a virus installation program. The best way to protect yourself here is to avoid downloading anything that might be pirated.

Virus authors like to distribute their malware with popular cracked software, including PC games and programs like Adobe Photoshop. When you run the downloaded files the virus is quietly placed on your system, ready to attack. Stick with legitimate sources at all times and you won’t have to worry about malware stealing your Bitcoin profits.

READ ALSO: How to Recognize Malware Links (and What to Do if You Accidentally Click)

Remove CryptoShuffler with Anti-Virus Software

Most virus scanners have long since been updated with the necessary definitions to search for, quarantine, and remove the CryptoShuffler trojan. It isn’t a stubborn virus by any means, so anti-virus programs can make quick work of it. If you keep your anti-virus app running, it should have kept you safe from this trojan making its way onto your system. You can always run a full scan just in case. Follow the steps below to check your system and remove CryptoShuffler.

  1. Open your device’s virus scanner.
  2. Find the settings page and choose “Update virus definitions
  3. Run a full system scan. This may take up to an hour.
  4. When the scan is complete your software will quarantine and remove any malware.
  5. To see if you had CryptoShuffler, check your definitions for an entry named Trojan-Banker.Win32.CryptoShuffler.gen

Best VPNs for Secure Cryptocurrency

Cryptocurrencies are slowly leaving the niche geek world and becoming a mainstream obsession. Software companies have sprung up to provide mining services, data collection, and even Bitcoin debit cards, all of which push these currencies into the spotlight. As more stores accept crypto payments, more malicious parties will arise to take advantage of unsuspecting users.

VPNs won’t directly stop programs like CryptoShuffler, but they do provide an incredible amount of online privacy and security. Running a VPN means every piece of data that leaves your device gets encrypted, scrambling the information so no one can read it. VPNs also swap your physical IP address with a virtual one to help defeat geo-locating blocks and keep your identity safe. They’re indispensable tools in the modern digital world, and they’re extraordinarily easy to use, too.

You don’t have to tear your hair out when researching a good VPN. We’ve added a few recommended services below, all based on the following criteria. Read up on their strengths and choose the one that best suits your needs. No matter which VPN you sign up for, you’ll enjoy a safer and more private internet experience.

1. NordVPN

NordVPN - Editors choice

The size of a VPN’s network directly impacts your daily internet usage. The more servers a company offers, the more options are at your disposal. NordVPN has one of the largest networks in the business, running nearly 5,800 high-quality servers in 60 different countries, many specialized for specific use cases like P2P, multi-hop encryption, anti-DDoS and more. No matter where you work, live, or travel, with NordVPN you’ll be able to access a fast and secure server without any hassle thanks to the lightning-fast and unbreakably strong NordLynx encryption protocol. 

NordVPN’s leak-proof servers, together with one of the industry’s best no-logging policies, ensure that none of your activity gets out unencrypted and into the hands of hackers, government spies, nosy ISPs, or anyone else. NordVPN won’t singlehandedly stop the CryptoShuffler trojan, but it will ensure you are as hard to target as possible.

Read our full NordVPN review.

  • Very fast speeds make this a strong choice for 4K streaming
  • 5,400+ servers globally
  • Up to 6 simultaneous connections
  • Retains no metadata of your browsing
  • Customer Service (24/7 Chat).
  • Very little
  • They can take 30 days to process refunds.
BEST FOR CRYPTOCURRENCY: NordVPN delivers military grade protection without bogging down your Internet connection speed. Get a huge 68% discount on the 3-year plan ($3.71/mo), backed by a hassle-free 30-day money-back guarantee.

2. Surfshark

Surfshark VPN

Surfshark is without a doubt the best new VPN to launch in the past few years. It offers unbreakable 256-AES-GCM encryption, over 3200 servers in 65 countries for worldwide spoofing, a kill switch, and an independently vetted no-logging policy. Of course, even the strongest standard VPN provisions won’t guard against CryptoShuffler–but Surfshark has a few extra tricks up its sleeve. Namely, the CleanWeb security suite, which preemptively blocks out known malware links along with obnoxious pop-ups and tracking software. Combined with the blanket obfuscation method available on every server and smart browsing habits, and you’ll be a much harder target for Trojan attacks.

Did we mention that Surfshark is dirt cheap, and even accepts cryptocurrency payments for total anonymity? Even if you’re on a tight budget, you can split your subscription with a trusted friend, thanks to unlimited simultaneous connections being allowed and widely promoted by this progressive provider.

  • Reliably unblocks Netflix US, UK, Japan, and more
  • Server selection is dead simple and quick
  • Clean, dead-simple app interface makes constant security a no-brainer
  • Based in the British Virgin Islands, where there are no data retention laws
  • Get help any time of day via email, phone, or live chat.
  • Speeds occasionally suffer a noticeable drop
  • New-kid-on-the-block status may not instill same trust as larger providers.

Read our full Surfshark review.

BEST BUDGET OPTION: Surfshark is a robust cybersecurity suite, and a smart choice for cryptocurrency users. Get 83% off a two-year plan + 3 months FREE for just $2.21 per month.

3. ExpressVPN


ExpressVPN knows a fast connection is everything when it comes to browsing the internet. If you want to stream a movie, watch Netflix, or download large files, you need all the speed you can get. ExpressVPN is one of the fastest VPNs in the world, offering lightning-fast downloads no matter where you live. Their robust server network extends 3,000+ nodes to 94 countries worldwide, offering premium utility and performance. You’ll also get incredible privacy features to help you stay safe, including 256-bit AES encryption, and a zero-logging policy on traffic, DNS requests, and IP addresses!

Read our full ExpressVPN review.

  • Unblocks US Netflix, BBC iPlayer and other streaming services
  • Reliable and fast connections
  • Supports ALL devices
  • No logging policy well enforced
  • 24/7 Customer Service.
  • Power-users configuration options.
GREAT ALL-ROUNDER: Get 3 months free and save 49% on the annual plan. 30-day money back guarantee included.

4. VyprVPN


VyprVPN goes to extreme lengths to provide incredible privacy features. It starts with the Chameleon protocol, an exclusive piece of technology that wraps metadata in an extra layer of encryption, defeating censorship blocks and geo-restricted content in an instant! Combine that with 256-bit AES encryption on all devices, DNS leak protection, and a zero-logging policy that covers both traffic and DNS requests and you’ve got the makings of a super private VPN!

Read our full VyprVPN review.

READER SPECIAL: All plans include a 30-day money back guarantee at only $5/month.


The CryptoShuffler Trojan was something of a surprise. How could something so simple be so effective? With the right tools and a little attention, you can keep yourself safe from malicious code like CryptoShuffler. Do you have any favorite methods you deploy to keep trojans at bay? Let us know in the comments below!

How to get a FREE VPN for 30 days

If you need a VPN for a short while when traveling for example, you can get our top ranked VPN free of charge. NordVPN includes a 30-day money-back guarantee. You will need to pay for the subscription, that’s a fact, but it allows full access for 30 days and then you cancel for a full refund. Their no-questions-asked cancellation policy lives up to its name.

1 Comment

  1. just got nordvpn it does work fast if you have a good internet connection, well build service! happy to use!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.