Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with
clipper malware designed to siphon cryptocurrencies since September 2022.
"Clipboard injectors [...] can be silent for years, show no network activity or any other signs of presence until the disastrous day when they replace a crypto wallet address," Vitaly Kamluk, director of global research and analysis team (GReAT) for APAC at Kaspersky,
said.
Another notable aspect of clipper malware is that its nefarious functions are not triggered unless the clipboard data meet specific criteria, making it more evasive.