Security News > 2022 > June > Clipminer malware gang stole $1.7M by hijacking crypto payments

Threat analysts have discovered a large operation of a new cryptocurrency mining malware called Clipminer that brought its operators at least $1.7 million from transaction hijacking.
According to researchers from Symantec, a Broadcom company, Clipminer is based on the KryptoCibule malware.
Clipminer drops on the host system as a WinRAR archive and extracts automatically to launch a control panel file that downloads a dynamic link library.
Its purpose is to profile the host and download and install the Clipminer payload from the Tor network.
In parallel, the malware constantly monitors the clipboard for copied cryptocurrency addresses and replaces them on-the-fly with others belonging to the attacker, thus diverting payments.
Avoid downloading software from obscure sources to minimize the chances of getting infected with Clipminer or other malware.
News URL
Related news
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- GrassCall malware campaign drains crypto wallets via fake job interviews (source)
- New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions (source)
- Microsoft: New RAT malware used for crypto theft, reconnaissance (source)
- New Crocodilus malware steals Android users’ crypto wallet keys (source)