The operators of a malware strain identified as CryptoShuffler have made at least $150,000 worth of Bitcoin by using an extremely simple scheme.

Crooks infect users with their trojan, which then sits idly on users' computers and does nothing but watch the user's clipboard and replace any string that looks like a Bitcoin wallet with the attackers' address.

When the victim wants to make a payment and copy-pastes the wallet ID inside a payment field, if the user doesn't notice the new address, crooks would receive the payment.

CryptoShuffler has been active since 2016

The trojan has been making the rounds for more than a year. Transactions to CryptoShuffler's Bitcoin wallet reached their peak in late 2016, but Kaspersky Lab detected a new campaign in June 2017.

"The malware described is a perfect example of a 'rational' gain," said Sergey Yunakovsky, Kaspersky Lab malware analyst. "The scheme of its operation is simple and effective: no access to pools, no network interaction, and no suspicious processor load."

CryptoShuffler's Bitcoin wallet currently holds 23.21 Bitcoin, worth over $150,000 at today's (record) Bitcoin price of $6,544.

CryptoShuffler targets other cryptocurrencies as well

Besides Bitcoin, crooks also targeted wallets for other cryptocurrencies, such as Dogecoin, Litecoin, Dash, Ethereum, Monero, and Zcash.

The funds in the wallets for the other cryptocurrencies aren't pennies either, ranging from tens to thousands of US dollars.

CryptoShuffler is one of the most successful malware families targeting cryptocurrencies to date. For example, another malware author wasted months scanning for vulnerable IIS servers to install a Monero miner, only to make $63,000. Making over $150,000 for some code that watches the clipboard and replaces a string is quite the ROI (return on investment).

CryptoShuffler MD5 hash: