Over the last two months, tens of thousands of machines have been infected with cryptojacking and crypto-stealing malware, yet the attackers have only taken about $6,000.
A trojan that infected tens of thousands of machines in order to mine and steal cryptocurrency netted its operators only roughly $6,000.
On October 8, cybersecurity company Doctor Web announced that it had found malware masquerading as office applications, game cheats, and internet trading bots.
More than 28,000 users were infected by the cryptojacking and stealing software, primarily in Russia but also in Belarus, Uzbekistan, Kazakhstan, Ukraine, Kyrgyzstan, and Turkey.
Doctor Web says the attackers were only able to steal roughly $6,000 worth of cryptocurrency through the clipboard-swapping component. How much the malware's operators may have made from cryptocurrency mining is still unknown.
How does the malware work?
The cybersecurity company said that malicious links in YouTube video descriptions and fake GitHub pages were among the malware's distribution channels.
Once installed, the malware covertly uses the infected device's computing resources to mine cryptocurrency.
Additionally, a "clipper" component monitors the device's clipboard for crypto wallet addresses that users copy. The malware silently replaces them with addresses under the attacker's control, so a victim who pastes the address into a transfer form sends funds to the attacker. This is how the stolen cryptocurrency was obtained.
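To make the clipper mechanism concrete, here is an added, self-contained illustration written for this article; it is not Doctor Web's sample nor any real malware's code. It models the clipboard as an in-memory object so it runs offline, uses constructed regular expressions for a few common address formats (no checksum validation), and uses made-up attacker addresses. The `paste_is_intact` check at the end is the user-side defence: compare the entire pasted address against the one you intended to send to, because a swapped address can share its first and last characters with the original.

```python
"""Constructed illustration of clipboard-hijacking ("clipper") logic and a
user-side check. All addresses below are made up or public examples; none of
this is code from the malware described in the article."""
import re
from dataclasses import dataclass

# Constructed regexes for common wallet address formats. They only check shape,
# not checksums, which is all a clipper needs in order to spot a target.
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    "btc_bech32": re.compile(r"\bbc1[a-z0-9]{39,59}\b"),
    "eth": re.compile(r"\b0x[a-fA-F0-9]{40}\b"),
}

# Hypothetical attacker-controlled addresses, one per format, so the swapped-in
# address has the same shape as the one the victim copied.
ATTACKER_ADDRESSES = {
    "btc_legacy": "1Attacker2222222222222222222222222",
    "btc_bech32": "bc1q" + "a" * 38,
    "eth": "0x" + "de" * 20,
}


def classify_address(text: str):
    """Return which address format `text` looks like, or None if it is not one."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(text):
            return kind
    return None


def clipper_substitute(text: str, attacker=ATTACKER_ADDRESSES) -> str:
    """What a clipper does to clipboard contents: replace every address of a
    known format with the attacker's address of the same format and leave all
    other text untouched, so the victim sees nothing unusual."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        text = pattern.sub(attacker[kind], text)
    return text


@dataclass
class FakeClipboard:
    """In-memory stand-in for the OS clipboard so the example runs offline."""
    content: str = ""

    def copy(self, text: str) -> None:
        self.content = text

    def paste(self) -> str:
        return self.content


def clipper_tick(clipboard: FakeClipboard) -> bool:
    """One iteration of the malware's polling loop: rewrite the clipboard if it
    holds a wallet address. Returns True when a substitution was made."""
    before = clipboard.paste()
    after = clipper_substitute(before)
    if after != before:
        clipboard.copy(after)
        return True
    return False


def paste_is_intact(intended: str, pasted: str) -> bool:
    """User-side check before confirming a transfer: the whole string must
    match, not merely the first and last few characters."""
    return intended == pasted


if __name__ == "__main__":
    # Public example address (the Bitcoin genesis-block address).
    wallet = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
    cb = FakeClipboard()
    cb.copy(f"send to {wallet} please")
    swapped = clipper_tick(cb)
    print("swapped:", swapped)
    print("clipboard now:", cb.paste())
    print("pasted address intact:", paste_is_intact(wallet, cb.paste()))
```

Running it shows the address being replaced inside otherwise unchanged text and the check failing, which is exactly what a victim would see only if they compared the full pasted address with the one they meant to use.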
The malware uses several techniques to avoid detection: it is delivered in password-protected archives so antivirus scanners cannot inspect the contents, its malicious files are disguised as legitimate system components, and it abuses legitimate software already on the machine to execute its malicious scripts.
In September, crypto exchange Binance warned about clipper malware, noting a spike in activity in late August “leading to significant financial losses for affected users.”
Doctor Web said many of the victims' devices were compromised "by installing pirated versions of popular programs" and recommended installing software only from official sources.
Malware timeline
Clipboard-changing malware has been around for years and was particularly prominent after the 2017 crypto bull market.
These malware families have become more sophisticated over time, often combining clipboard hijacking with other malicious functions such as cryptomining.
In September, threat intelligence firm Facct reported that malicious actors and scammers were exploiting email auto-replies to spread crypto mining malware.