silversurfer
Read more below:
A new malware strain named Clipsa has been making the rounds for the past year, infecting users from all over the world.
What stands out about this new threat is that besides classic malware features -- such as the ability to steal cryptocurrency wallet files, install a cryptocurrency miner, and hijack the user's clipboard to replace cryptocurrency addresses -- Clipsa also includes a somewhat strange feature that allows it to launch brute-force attacks against WordPress websites.
This behavior is strange, mainly because most brute-force attacks against WordPress sites are carried out by botnets of infected servers or IoT devices.
Seeing desktop malware launch brute-force attacks on WordPress sites isn't novel, but it's strange and extremely rare.
"While we cannot say for sure, we believe the bad actors behind Clipsa steal further data from the breached [WordPress] sites," said Avast malware researcher Jan Rubín, in a technical deep dive into Clipsa's features he published earlier this week.
"We also suspect they use the infected [WordPress] sites as secondary C&C servers to host download links for miners, or to upload and store stolen data," he said.
New Windows malware can also brute-force WordPress websites
Avast discovers strange new malware strain that, besides stealing and mining cryptocurrency on infected hosts, also launches brute-force attacks on WordPress sites.
www.zdnet.com
Clipsa - Multipurpose password stealer - Avast Threat Labs
High level overview: Clipsa is a multipurpose password stealer, written in Visual Basic, focusing on stealing cryptocurrencies, brute-forcing and stealing administrator credentials from unsecured WordPress websites, replacing crypto-addresses present in a clipboard, and mining cryptocurrencies on...
decoded.avast.io