Crypto Opinions & News Clipminer Rakes in $1.7m in Crypto Hijacking Scam

Disclaimer: Any information contained on this forum is provided as general market commentary, and does not constitute investment, financial, trading or other sort of advice.

upnorth

upnorth

Level 68
Thread author
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Content source
https://www.theregister.com/2022/06/03/clipminer-cryptocurrency-millions/
A crew using malware that performs cryptomining and clipboard-hacking operations have made off with at least $1.7 million in stolen cryptocurrency.

The malware, dubbed Trojan.Clipminer, leverages the compute power of compromised systems to mine for cryptocurrency as well as identify crypto-wallet addresses in clipboard text and replace it to redirect transactions, according to researchers with Symantec's Threat Intelligence Team. The first samples of the Windows malware appeared in January 2021 and began to accelerate in their spread the following month, the Symantec researchers wrote in a blog post this week. They also observed that there are several design similarities between Clipminer and KryptoCibule – another cryptomining trojan that, a few months before Clipminer hit the scene, was detected and written about by ESET analysts.
Click to expand...
The malware appears to be spread through trojanized downloads of cracked or pirated software. Clipminer drops a WinRAR archive into the host and automatically extracts and drops a downloader in the form of a dynamic link library (DLL). Once executed, it ensures that it will start again if it gets interrupted. It then creates a registry value and renames itself, putting it into a Windows temporary file.

From there the malware collects details of the system and connects back to the command-and-control server (C2) over the Tor network. The malware also creates scheduled tasks to ensure persistence on the infected system and two new directories containing files copied from the host to make it less likely that the malicious files will stand out and obfuscate their existence. An empty registry key also is created to ensure that same host isn't infected again. "On each clipboard update, it scans the clipboard content for wallet addresses, recognizing address formats use by a least a dozen different cryptocurrencies," the researchers wrote. "The recognized addresses are then replaced with addresses of wallets controlled by the attacker.
Click to expand...
www.theregister.com

Clipminer group rakes in $1.7 million in crypto hijacking

Crooks divert transactions to own wallets while running mining on the side
www.theregister.com www.theregister.com
 
  • Wow
  • Like
Reactions: harlan4096, silversurfer and Brahman

Similar threads

Gandalf_The_Grey
    • Wow
    • Like
Security News Lego's website was hacked to promote a crypto scam
Replies
0
Views
1,518
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Wow
Crypto Opinions & News Hacker locks Unicoin staff out of Google accounts for 4 days
Replies
0
Views
671
Crypto News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
Malware News Global infostealer malware operation targets crypto users, gamers
Replies
0
Views
1,591
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top