Security

Meet Clipsa: The New Cryptocurrencies Malware

M. Ali

Clipsa is one of the most sophisticated pieces of cryptocurrency and financial malware out there. This malicious software is capable of stealing or replacing cryptocurrency keys, stealing wallet.dat files, bank account credentials and social security numbers, and installing the CPU cryptocurrency miner XMRig on victims’ PCs.

Clipsa is one of the most sophisticated pieces of cryptocurrency malware out there. This malicious software is capable of stealing or replacing cryptocurrency keys, stealing wallet.dat files, locally saved passwords and social security numbers, and installing the CPU cryptocurrency miner XMRig on victims’ PCs. Clipsa is also capable of launching brute-force attacks against poorly configured WordPress websites.

Clipsa steals cryptocurrency by abusing information stored on the clipboard of the infected system. It simply replaces cryptocurrency wallet addresses that are copied to the clipboard with addresses owned by the people who spread the Clipsa password stealer, so a victim who pastes an address to pay someone unknowingly sends the funds to the attackers. It also searches for cryptocurrency wallet “wallet.dat” files and sends them to the bad actors behind Clipsa.
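The clipboard swap described above is detectable from the defender's side: an address-shaped clipboard value that turns into a different address-shaped value with no copy action by the user is the clipper's signature. The following is an added example (not Clipsa code and not from the Avast report) that runs that check over a constructed stream of clipboard observations; it assumes the monitor can flag which reads follow a user-initiated copy, and only checks address shape, not Base58 or bech32 checksums.

```python
import re
from typing import Iterable, List, Tuple

# Bitcoin address shapes: legacy/P2SH Base58 (starts with 1 or 3) and bech32
# (starts with bc1). Only the shape is checked, not the checksum; that is
# enough to tell "looks like a wallet address" apart from ordinary text.
BTC_ADDRESS = re.compile(
    r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})$"
)

def looks_like_btc_address(text: str) -> bool:
    return BTC_ADDRESS.match(text.strip()) is not None

# One clipboard observation: (seconds since start, clipboard text, True if the
# user copied something just before this read). Assumption: the monitor can
# tell user-initiated copies from background writes (e.g. by hooking the copy
# shortcut); here that flag is simply part of the constructed input.
Observation = Tuple[float, str, bool]

def detect_clipper(observations: Iterable[Observation]) -> List[str]:
    """Return one alert per suspicious swap: an address-looking value became a
    different address-looking value with no user copy in between, which is
    exactly what a clipper does after it sees an address appear."""
    alerts: List[str] = []
    prev_ts, prev_text = 0.0, None
    for ts, text, user_copied in observations:
        if (prev_text is not None and not user_copied and text != prev_text
                and looks_like_btc_address(prev_text)
                and looks_like_btc_address(text)):
            alerts.append(f"t={ts:.1f}s: clipboard address {prev_text} replaced by "
                          f"{text} with no user copy ({ts - prev_ts:.1f}s after last read)")
        prev_ts, prev_text = ts, text
    return alerts

# Constructed addresses: correct shape, made-up content (not real wallets).
VICTIM_ADDR = "1VictimAddr" + "A" * 23      # 34 chars, Base58 alphabet
SWAPPED_ADDR = "1AttackerAddr" + "B" * 21   # 34 chars, Base58 alphabet

# Constructed observation stream: the user copies a recipient address, a poll
# half a second later sees a different address (hijack); later the user
# deliberately copies another address, which must not be flagged.
SAMPLE_OBSERVATIONS: List[Observation] = [
    (0.0, "meeting notes", True),
    (1.0, VICTIM_ADDR, True),
    (1.5, SWAPPED_ADDR, False),   # silent swap -> alert
    (5.0, "hello", True),
    (5.5, "hello", False),        # unchanged, no alert
    (7.0, VICTIM_ADDR, True),
    (8.0, SWAPPED_ADDR, True),    # user-initiated change, no alert
]

if __name__ == "__main__":
    for alert in detect_clipper(SAMPLE_OBSERVATIONS):
        print(alert)
```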

According to a recent Avast anti-virus report, Clipsa’s highest infection rates are in India, Brazil and the Philippines.

Because Clipsa installs the XMRig CPU miner, PCs infected with Clipsa start working slower or stop responding altogether. Having a miner running on the operating system can also cause hardware overheating, unexpected system crashes and other problems. Infected computers typically consume more power, which leads to higher electricity bills.

Clipsa targets Windows-based PCs and is being distributed through malicious codec pack installers for media players (Ultra XVid Codec Pack.exe or Installer_x86-x64_89006.exe).

Daily cryptocurrency trader, miner, technology enthusiast and a full time IT consultant.


Bitcoin

A Backdoored Tor Browser is Being Used to Steal Bitcoin From Tor Users

June G. Bauer


A trojanized version of the Tor Browser is currently targeting Russian users to steal their Bitcoin funds. The campaign was discovered by ESET security researchers.

When victims try to make a Bitcoin transaction, the backdoored Tor Browser automatically replaces the original destination address with an address controlled by the criminals.

The attackers promote their trojanized version of the Tor Browser by posting spam messages on popular Russian cryptocurrency websites, encouraging victims to download and use the infected browser. Two domain names are used to distribute it: tor-browser[.]org and torproect[.]org.

At the time of publishing, the cryptocurrency wallets controlled by the attackers had received 863 transactions worth $40,000 in Bitcoin.

Example of a spam message promoting tor-browser[.]org. Image credit: welivesecurity.com


Bitcoin

Malicious WordPress Plugins Used to Mine Cryptocurrencies

June G. Bauer


Security researchers at Sucuri have discovered a number of fake and malicious WordPress plugins that are being used not just to maintain access on the compromised websites but also to mine cryptocurrencies.

WPframework is a commonly seen malicious WordPress plugin that disguises itself as a legitimate plugin, but it is a PHP backdoor that allows attackers to keep their access even after the initial infection vector has been cleaned up.

The plugin downloads Linux executable binaries that mine cryptocurrency in the background.

What is WordPress?

WordPress is a widely used open source content management system (CMS) written in PHP with a MySQL back-end database. WordPress is considered to be the easiest and most powerful blogging and website content management system in existence today. Right now, around 75,000,000 websites use WordPress.


Altcoins

A Major European Airport Hit By a Monero Mining Malware

M. Ali


An unnamed major European airport was hit by Monero mining malware that infected more than half of the airport’s workstations to secretly mine Monero cryptocurrency.

Cyberbit, a cyber security firm, revealed in a blog post that the mining malware was discovered by Cyberbit’s Endpoint Detection and Response team while deploying their security solution, which detected suspicious activity on some airport systems.

The malware used reflective Dynamic-Link Library (DLL) loading to inject malicious DLLs into a host process in memory without going through the Windows loader and without ever writing the payload to the infected systems’ hard drives, which leaves file-based scanners nothing on disk to inspect.

The malware installed the XMRig Monero miner to mine cryptocurrency stealthily on the infected machines.
