Security

Meet Clipsa: The New Cryptocurrencies Malware

M. Ali

Clipsa is one of the most sophisticated pieces of cryptocurrency and financial malware out there. This malicious software is capable of stealing or replacing cryptocurrency keys and wallet.dat files, stealing locally saved passwords, bank account credentials and social security numbers, and installing the XMRig CPU cryptocurrency miner on victims’ PCs. Clipsa is also capable of launching brute-force attacks against poorly configured WordPress websites.

Clipsa steals cryptocurrency by using information stored in the clipboard of the infected system. It simply replaces cryptocurrency wallet addresses saved in the clipboard with other addresses owned by the people who spread the Clipsa password stealer. It also searches for cryptocurrency wallet “wallet.dat” files and sends them to the bad actors behind Clipsa.
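The clipboard swap described above leaves a detectable trace: a wallet address is replaced by a different wallet address far faster than a person would copy two addresses. The following is an added example, not code from the article or from any vendor, that runs that check over a constructed log of clipboard snapshots (the monitor that would capture such a log is assumed and not shown):

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Loose shape check for Bitcoin-style addresses: legacy/P2SH base58 (starts with 1 or 3)
# or bech32 (starts with bc1). Checksums are not verified; this only spots address-like text.
BTC_ADDR_RE = re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$")

@dataclass
class ClipboardEvent:
    t: float   # seconds since monitoring started (constructed timeline)
    text: str  # clipboard contents observed at that time

def looks_like_wallet_address(text: str) -> bool:
    return BTC_ADDR_RE.match(text.strip()) is not None

def detect_clipboard_swaps(events: List[ClipboardEvent],
                           window: float = 2.0) -> List[Tuple[str, str, float]]:
    """Return (original, replacement, time) for each address replaced by a *different*
    address within `window` seconds. A user rarely copies two wallet addresses that
    fast, but a clipper like Clipsa rewrites the clipboard almost instantly."""
    alerts = []
    last_copied = None
    for ev in events:
        if not looks_like_wallet_address(ev.text):
            last_copied = None          # non-address content resets the comparison
            continue
        if (last_copied is not None and ev.text != last_copied.text
                and ev.t - last_copied.t <= window):
            alerts.append((last_copied.text, ev.text, ev.t))
        else:
            last_copied = ev
    return alerts

# Constructed sample: obviously fake addresses shaped like base58 Bitcoin addresses.
VICTIM_ADDR = "1VictimAddrXXXXXXXXXXXXXXXXXXXX"
SWAPPED_ADDR = "1AttackerAddrYYYYYYYYYYYYYYYYYY"
SAMPLE_EVENTS = [
    ClipboardEvent(0.0, "meeting notes for Monday"),
    ClipboardEvent(1.0, VICTIM_ADDR),     # user copies the recipient's address
    ClipboardEvent(1.3, SWAPPED_ADDR),    # clipboard silently rewritten 0.3 s later
    ClipboardEvent(10.0, VICTIM_ADDR),    # later, user copies the address again
    ClipboardEvent(20.0, SWAPPED_ADDR),   # 10 s gap: reads as a deliberate copy, not flagged
]

def run_sample() -> List[Tuple[str, str, float]]:
    return detect_clipboard_swaps(SAMPLE_EVENTS)

if __name__ == "__main__":
    for original, replacement, t in run_sample():
        print(f"t={t:.1f}s clipboard address changed: {original} -> {replacement}")
```

The same comparison is what a user can do by hand before sending: check that the pasted address matches the one copied, character for character, not just the first and last few.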

According to a recent Avast antivirus report, Clipsa’s highest infection rates are in India, Brazil and the Philippines.

Because Clipsa installs the XMRig CPU miner, PCs infected with Clipsa start working slower or stop responding at all. Having a miner installed on the operating system might also cause hardware overheating, unexpected system crashes and other problems. Typically, infected computers consume more power, which leads to higher electricity bills.

Clipsa targets Windows-based PCs and is being distributed through malicious codec pack installers for media players (Ultra XVid Codec Pack.exe or Installer_x86-x64_89006.exe).


Security

Hackers Targeted Coinbase Employees

M. Ali


Coinbase revealed that its employees were targeted by sophisticated attacks leveraging two Firefox 0-day vulnerabilities, spear phishing, and social engineering.

The attacks started on June 17, when Coinbase’s employees received emails from Gregory Harris, a Research Grants Administrator at the University of Cambridge. The emails contained a web link that, when opened in Firefox, would install malware capable of taking over someone’s machine. The attacks were detected and blocked by Coinbase’s security team.

The attackers seem to be highly skilled and experienced in writing exploit code: they used unpublished Firefox 0-days, hacked two University of Cambridge email accounts, created a landing page with exploit code on the University of Cambridge’s official domain, and were able to bypass Coinbase’s spam filters.

The Coinbase team reached out to the University of Cambridge to assist in securing its infrastructure and to collect more information about the attackers’ behavior.

Coinbase is a cryptocurrency exchange headquartered in San Francisco, California. Coinbase is considered to be the largest cryptocurrency exchange in the USA.

A screenshot of one of the emails that Coinbase staff received. Image credit: Coinbase.


Security

Smominru Malware Hijacked Half a Million PCs to Mine Monero

M. Ali


Over half a million Windows-based PCs have been infected with the Smominru malware, which installs a custom version of XMRig to mine Monero. This was revealed in a report published recently by Carbon Black Security.

Smominru also steals information from vulnerable targets (including external IP addresses, internal IP addresses, domain information, usernames and passwords) and sends it to a command and control server (C&C or C2) owned by Smominru’s operators. Access to the hacked systems is being sold on the Dark Web at a rate of $6.75 each.

Smominru’s operators use different techniques to infect machines. They mainly rely on the EternalBlue (CVE-2017-0144) exploit, but they have also deployed EsteemAudit (CVE-2017-0176); both are aimed at taking over machines running unpatched Windows.

Smominru is not new malware; it has been around for almost three years now. Last year, Smominru made around $2.3 million for its operators (source).


Exchanges

Binance’s Users KYC Data Reportedly Leaked Online

M. Ali


It seems that some of Binance exchange’s KYC (Know Your Customer) documents have been hacked and leaked online, including selfies of individuals holding up a piece of paper with the word Binance and the date the image was taken. There are literally thousands of KYC identities in a Telegram group called Find Your Binance KYC.

Some examples of the leaked documents were shared online by a Reddit user, with faces and IDs censored to protect personal information.

Binance’s CEO tweeted right after the alleged data was shared online, asking users not to FUD.

Binance exchange issued a statement about the KYC leak, stating that Binance was approached by an unidentified individual who demanded 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data.

KYC means “Know Your Customer”. It is a process by which some cryptocurrency exchanges obtain information about the identity and address of their customers. This process helps to ensure that exchanges’ services are not misused. KYC is required by large exchanges like Binance.
