Over the past few months, a malware attack targeted thousands of users’ devices to mine and steal crypto assets. Despite its broad reach, the attack has only made about $6,000.
A report by the cybersecurity firm Doctor Web revealed that the malware was hiding in plain sight. It was disguised as legitimate software, such as office programs, game cheats, and online trading bots.
How Does Clipper Malware Steal Crypto Holdings?
According to Doctor Web’s report, the crypto-jacking software infected over 28,000 users, mainly in Russia. It also affected people in Belarus, Uzbekistan, Kazakhstan, Ukraine, Kyrgyzstan, and Turkey.
The report noted that the hackers stole only about $6,000 in cryptocurrency, a small amount compared to the number of infections. However, it is still unclear how much the malware creator made from crypto mining.
Doctor Web explained how the malware spreads. It comes from fake GitHub pages and YouTube video descriptions that may contain harmful links.
When the malware infects a device, it runs hidden software that takes over the device's computing power to mine cryptocurrency. The malware also includes a tool called a “clipper,” which watches for crypto wallet addresses that users copy to their clipboard.
When a user copies an address, the malware replaces it with one controlled by the hacker, allowing them to steal cryptocurrency from the users.
Detecting this malware is difficult because it uses advanced methods to avoid being found, including creating password-protected files, which help it slip past antivirus scans.
The malware can also disguise itself as a genuine system file, making it harder for people to notice that something is wrong. Additionally, it uses legitimate software to run harmful scripts that help it stay hidden and continue its attack.
Binance Warns Users of Rising Clipper Malware Threat Amid Financial Losses
In September, the crypto exchange Binance issued a warning about clipper malware. It noticed an increase in this type of malware activity during late August.
Moreover, the malware’s increased activity has led to significant financial losses for many users and has become a concern to Binance.
Binance explained that clipper malware can be very harmful. It can monitor what people do with their digital asset wallets and change a user’s wallet address when the user copies it from the clipboard.
The user would think they are sending crypto to a safe address without realizing they might be sending it to a hacker’s address. Due to this, many people have lost a lot of money without even realizing it. Therefore, Binance alerted users to take proactive steps to protect themselves.
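The address swap described in both Doctor Web's report and Binance's warning can be caught by comparing what the user copied with what arrives at paste time. The Python below is an added example, not code from Doctor Web or Binance; the simplified address patterns, the function names and the sample values are assumptions constructed for illustration.

```python
import re

# Assumed, simplified address shapes (not from the article). A real wallet
# should run full checksum validation for every chain it supports.
ADDRESS_SHAPES = {
    "btc-legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return the name of the address shape that text matches, or None."""
    value = text.strip()
    for kind, pattern in ADDRESS_SHAPES.items():
        if pattern.match(value):
            return kind
    return None

def check_paste(copied, pasted):
    """Compare the copied value with the value that arrived at paste time.

    "ok"      - identical
    "swapped" - an address was replaced by a different address (clipper pattern)
    "changed" - any other mismatch (for example, the user copied something else)
    """
    copied, pasted = copied.strip(), pasted.strip()
    if copied == pasted:
        return "ok"
    if address_kind(copied) and address_kind(pasted):
        return "swapped"
    return "changed"

def audit_session(events):
    """events: list of ("copy" | "paste", text). Return indexes of swapped pastes."""
    last_copied, alerts = None, []
    for index, (action, text) in enumerate(events):
        if action == "copy":
            last_copied = text
        elif action == "paste" and last_copied is not None:
            if check_paste(last_copied, text) == "swapped":
                alerts.append(index)
    return alerts

# Constructed placeholder values, not real wallets.
ETH_A = "0x" + "1" * 40
ETH_B = "0x" + "2" * 40
SESSION = [("copy", ETH_A), ("paste", ETH_A), ("copy", ETH_A),
           ("paste", ETH_B), ("copy", "invoice 4471"), ("paste", "invoice 4471")]
```

A wallet or payment form that records the copied value itself can run `check_paste` before a transfer is confirmed and block on "swapped".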
Doctor Web explained that many people become victims of malware because they install pirated versions of popular programs. The security platform recommends that users only install software from official sources.
Clipboard-changing malware has existed for many years. It became widespread after the rapid rise in cryptocurrency prices in 2017. Over time, these malware programs have become more advanced.
In September, a threat intelligence firm called Facct reported more bad news. It found that hackers and scammers used email auto-replies to spread crypto-mining malware.