For the past few months, a malware attack has targeted the devices of thousands of users, mining and stealing crypto assets. Despite the scale of the attack, it netted only about $6,000 in profits.
A report on an investigation by cybersecurity firm Doctor Web revealed that this malware hides in plain sight, disguised as legitimate software such as office programs, game cheats and online trading bots.
How does Clipper malware steal crypto assets?
According to a report by Doctor Web, the cryptojacking software infected more than 28,000 users, mostly in Russia. People in Belarus, Uzbekistan, Kazakhstan, Ukraine, Kyrgyzstan and Türkiye were also affected.
The report notes that the hackers stole only about $6,000 in virtual currency, a small amount compared to the number of people infected. However, it is still unclear how much profit the malware authors made from cryptocurrency mining.
Doctor Web explained that the malware spreads from fake GitHub pages or YouTube video descriptions that may contain harmful links.
When malware infects a device, it runs hidden software that takes over computing power to mine cryptocurrencies. The malware also uses a tool called “Clipper” to monitor crypto wallet addresses that users copy to their clipboard.
When a user copies an address, the malware replaces it with an address controlled by the hacker, which allows the theft of cryptocurrencies from users.
This malware is difficult to detect because it hides itself very well. It uses advanced methods to bypass antivirus scans, such as creating password-protected files.
The malware also disguises itself as real system files, making it harder for people to notice anything is wrong. Moreover, it uses legitimate software to run harmful scripts and continue its attacks covertly.
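The clipboard substitution described above can be caught by comparing what was copied with what actually arrives on paste. The following check is an added example, not code from Doctor Web or Binance; the address patterns are simplified assumptions and the sample addresses are constructed.

```python
import re

# Simplified address shapes, assumed for this example (not full validation).
ADDRESS_PATTERNS = {
    "bitcoin-legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "bitcoin-bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def address_kind(text):
    """Return the name of the address format the text matches, or None."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return kind
    return None


def normalize(text):
    """Strip whitespace; fold case for Ethereum, whose casing is only a checksum."""
    candidate = text.strip()
    return candidate.lower() if address_kind(candidate) == "ethereum" else candidate


def check_paste(copied, pasted):
    """Classify a paste against the value the user originally copied.

    "match":       the pasted value is the copied value.
    "substituted": a copied wallet address arrived as a different wallet
                   address, which is the clipper behaviour described above.
    "changed":     the values differ, but not address-for-address.
    """
    if normalize(copied) == normalize(pasted):
        return "match"
    if address_kind(copied) and address_kind(pasted):
        return "substituted"
    return "changed"


# Constructed sample values, not real wallets.
COPIED = "0x" + "a" * 40
SWAPPED = "0x" + "b" * 40

if __name__ == "__main__":
    for pasted in (COPIED, SWAPPED):
        print(pasted[:10] + "...", check_paste(COPIED, pasted))
```

The comparison covers the whole address, so a replacement that differs anywhere in the string is reported as substituted.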
Binance warns users of growing threat of Clipper malware amid financial losses
In September, the virtual currency exchange Binance issued a warning about Clipper malware. The exchange noticed an increase in this type of malware activity in late August.
Additionally, the increased activity of this malware has caused significant financial losses to many users, which is a matter of concern for Binance.
Binance explained that Clipper malware can be extremely harmful. It can monitor what people are doing with their digital asset wallets, and it changes the wallet address when the user copies a wallet address to the clipboard.
Users think they are sending cryptocurrency to a secure address without realizing that they may be sending it to a hacker's address. Because of this, many people lose large amounts of money without realizing it. Binance therefore warned users to take proactive steps to protect themselves.
Doctor Web explained that many people become victims of malware because they install pirated versions of popular programs. The security platform recommends that users only install software from official sources.
Malware that modifies the clipboard has been around for years. It became popular due to the sharp rise in virtual currency prices in 2017. Over time, these malware programs have become more sophisticated.
In September, a threat intelligence firm called Facct reported more bad news. It discovered that hackers and scammers were using automated email responses to spread cryptocurrency mining malware.