Crypto Opinions & News Clipminer Rakes in $1.7m in Crypto Hijacking Scam

Disclaimer: Any information contained on this forum is provided as general market commentary, and does not constitute investment, financial, trading or other sort of advice.

upnorth

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Content source
https://www.theregister.com/2022/06/03/clipminer-cryptocurrency-millions/
A crew using malware that performs cryptomining and clipboard-hacking operations have made off with at least $1.7 million in stolen cryptocurrency.

The malware, dubbed Trojan.Clipminer, leverages the compute power of compromised systems to mine for cryptocurrency as well as identify crypto-wallet addresses in clipboard text and replace it to redirect transactions, according to researchers with Symantec's Threat Intelligence Team. The first samples of the Windows malware appeared in January 2021 and began to accelerate in their spread the following month, the Symantec researchers wrote in a blog post this week. They also observed that there are several design similarities between Clipminer and KryptoCibule – another cryptomining trojan that, a few months before Clipminer hit the scene, was detected and written about by ESET analysts.
Click to expand...
The malware appears to be spread through trojanized downloads of cracked or pirated software. Clipminer drops a WinRAR archive into the host and automatically extracts and drops a downloader in the form of a dynamic link library (DLL). Once executed, it ensures that it will start again if it gets interrupted. It then creates a registry value and renames itself, putting it into a Windows temporary file.

From there the malware collects details of the system and connects back to the command-and-control server (C2) over the Tor network. The malware also creates scheduled tasks to ensure persistence on the infected system and two new directories containing files copied from the host to make it less likely that the malicious files will stand out and obfuscate their existence. An empty registry key also is created to ensure that same host isn't infected again. "On each clipboard update, it scans the clipboard content for wallet addresses, recognizing address formats use by a least a dozen different cryptocurrencies," the researchers wrote. "The recognized addresses are then replaced with addresses of wallets controlled by the attacker.
Click to expand...
www.theregister.com

Clipminer group rakes in $1.7 million in crypto hijacking

Crooks divert transactions to own wallets while running mining on the side
www.theregister.com www.theregister.com
 
  • Wow
  • Like
Reactions: harlan4096, silversurfer and Brahman

Similar threads

Ink
    • Like
    • +Reputation
    • Wow
Crypto Opinions & News Trezor Support security breach
Replies
3
Views
564
Crypto News
MuzzMelbourne
MuzzMelbourne
silversurfer
    • +Reputation
    • Like
Crypto Opinions & News 'Randstorm' Vulnerability: Millions of Crypto Wallets Open to Theft
Replies
0
Views
518
Crypto News
silversurfer
silversurfer
upnorth
    • Like
    • Wow
Crypto Opinions & News $40 Billion worth of Crypto Crime enabled by Stablecoins since 2022
Replies
0
Views
275
Crypto News
upnorth
upnorth

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top