
New Variant of Clipper Malware Replaces Victim’s Wallet Address


New variants of the Clipper malware have emerged, targeting individuals engaged in cryptocurrency transactions. These variants are designed to replace users’ credentials with the wallet address of scammers, allowing them to steal funds being transferred. The malware reads the data that has been copied to the clipboard, so users are being urged not to leave their crypto wallet credentials on it.

Several Clipper malware variants, including Atlas clipper, Keyzetsu clipper, and KWN clipper, have been discovered by Cyble Research and Intelligence Labs (CRIL) on the Telegram channel of cyber criminals. Users are likely being lured into this campaign through phishing emails. The Atlas clipper variant, for example, is being advertised on the dark web and can store up to seven crypto wallet addresses. The reduced cost for this variant is $50, and it can delete itself after the fraudulent transaction is completed.

Researchers have analyzed the code of these malware variants to gain insights into their workings. The Atlas clipper variant, for instance, uses functions like OpenClipboard(), GetClipboardFormatAvailable(), SetClipboardData(), and CloseClipboard() to initiate the clipper operation, retrieve clipboard data, replace it with a new value, and release the clipboard, respectively. After deleting the executable file, the malware stays on the system for further fraudulent transactions.

The Keyzetsu clipper variant, on the other hand, can store over 12 cryptocurrency wallet addresses and also relies on a Telegram channel for its command and control server. It evades detection by sleeping at the start of execution and uses a mutex to ensure only one instance of the malware runs on a system. Like the Atlas clipper, it also looks for clipboard data.

Another variant, the KWN clipper, was found to be a 64-bit executable file written in the Go language. It also accesses clipboard information to perform fraudulent transactions.
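All three variants act on wallet addresses sitting in the clipboard, so the swap itself is something a defender can look for. The following is an added example, not code from the article or from CRIL: it scans a time-ordered clipboard history and flags an address that is replaced by a different address for the same coin within a short window. The address patterns, the 2-second window, the event format and the sample values are assumptions made for illustration.

```python
import re

# Assumed shape-only patterns (no checksum validation), used to classify clipboard text.
PATTERNS = [
    ("btc", re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$")),  # legacy Base58
    ("btc", re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$")),       # bech32
    ("eth", re.compile(r"^0x[0-9a-fA-F]{40}$")),
]

def classify(text):
    """Return the coin whose address format the text matches, or None."""
    text = text.strip()
    for coin, pattern in PATTERNS:
        if pattern.match(text):
            return coin
    return None

def find_swaps(events, max_gap=2.0):
    """Flag address-to-address replacements for the same coin within max_gap seconds.

    events: list of (timestamp_seconds, clipboard_text) in time order.
    The window is an assumed heuristic: a person rarely copies two different
    addresses for the same coin a fraction of a second apart.
    """
    alerts = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        old, new = old.strip(), new.strip()
        coin = classify(old)
        if coin and coin == classify(new) and old != new and t1 - t0 <= max_gap:
            alerts.append({"time": t1, "coin": coin,
                           "copied": old, "replaced_by": new})
    return alerts

# Constructed sample history; every address below is made up.
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, "0x" + "a1" * 20),   # user copies a recipient address
    (10.3, "0x" + "b2" * 20),   # different address appears 0.3 s later
    (60.0, "1" + "B" * 33),     # user copies a BTC address
    (300.0, "1" + "C" * 33),    # another one minutes later: outside the window
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print("possible clipper swap:", alert)
```
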

To mitigate the risk of cyber attacks via Clipper malware variants, researchers recommend checking the authenticity of the source before submitting cryptocurrency wallet data, changing passwords regularly and using strong passwords, opting for high-security login processes like OTPs and multi-factor authentication, keeping software updated, and using credible antivirus software for regular checkups to detect and remove malware promptly.

It is important for cryptocurrency users to stay vigilant and take necessary precautions to protect their assets from these evolving malware variants.
