Evrial is an information-stealing trojan for sale on criminal forums for 1,500 Rubles - or about $27 - and is being distributed in the wild. It can steal browser cookies, stored credentials, and monitor the Windows clipboard for certain text and, if detected, can modify that text. The trojan facilitates threat actors in hijacking cryptocurrency payments and Steam trades by replacing legitimate payment addresses and URLs with addresses under the actor's control. Evrial can target Chrome, Yandex, Orbitum, Opera, Amigo, Torch, and Comodo browsers. The trojan's distribution method is currently unknown. The trojan was first discovered by researchers at MalwareHunterTeam and Guido Not CISSP.


  • January 2018: Evrial trojan switches Bitcoin addresses copied to Windows clipboard. (BleepingComputer)

Technical Details

  • BleepingComputer provides technical analysis of Evrial here.