The source code of Jigsaw has been available for a long time and is widely distributed online, so the attack is unlikely to be the work of the original ransomware author, as anyone with knowledge of C# code could theoretically tailor the malware to their own ends.
While common sense might indicate that users would notice that the Bitcoin address has changed, BitcoinStealer replaces the legitimate address with a forged one -- but this forged address has similar or the same symbols at the beginning and end of the string, in order to trick the user into believing it is their intended address.
Researchers say that these attacks have successfully stolen at least 8.4 Bitcoin, which currently works out at around $62,000 (£48,000). So while the attack is basic, it seems to be effective.
During the course of its investigation into the malware, Fortinet uncovered similar projects for building and modifying cryptocurrency stealers being advertised on underground forums.
This episode goes to show that even the most basic cyber attacks can result in a big loss for victims. Bitcoin users should always double-check to see if they're sending payments to the right address.