A new information stealing Trojan called Evrial is being sold on criminal forums and being distributed in the wild. Evrial monitors the Windows clipboard for certain strings and replaces them with ones sent by the attacker. This allows the attacker to reroute a cryptocurrency payment to an address under their control. This is done by replacing legitimate payment addresses and URLs with addresses under the attacker’s control. In addition to monitoring and modifying the clipboard, Evrial will also steal bitcoin wallets, stored passwords, documents from the victim’s desktop, and a screenshot of the active windows.
Source: https://www.bleepingcomputer.com/news/security/evrial-trojan-switches-bitcoin-addresses-copied-to-windows-clipboard/