Security News > 2022 > June > This new malware diverts cryptocurrency payments to attacker-controlled wallets

A clipper malware is a piece of software that once running on a computer will constantly check the content of the user's clipboard and look for cryptocurrency wallets.
This way, if an unsuspecting user uses any interface to send a cryptocurrency payment to a wallet, which is generally done by copying and pasting a legitimate destination wallet, it gets replaced by the fraudulent one.
That malware impersonated MetaMask, a popular crypto wallet, and aimed at stealing credentials and private keys to steal Ethereum funds from the victims, in addition to changing the wallets in the clipboard to obtain more cryptocurrency.
Clipper attacks work very well because of the length of cryptocurrencies wallets.
Keona Clipper then quietly monitors for any clipboard activity and uses regular expressions to check for any cryptocurrency wallets.
A screen capture from Cyble shows a Bitcoin wallet controlled by the threat actor.
News URL
https://www.techrepublic.com/article/keona-clipper-malware/
Related news
- MassJacker malware uses 778,000 wallets to steal cryptocurrency (source)
- GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets (source)
- GrassCall malware campaign drains crypto wallets via fake job interviews (source)
- New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions (source)