Over the last two months, tens of thousands of machines have been infected with cryptojacking and cryptocurrency-stealing malware, yet the attackers have taken only $6,000.

On October 8, cybersecurity company Doctor Web announced that it had found malware masquerading as office applications, game cheats, and internet trading bots.
More than 28,000 individuals were infected by the cryptojacking and cryptocurrency-stealing malware, primarily in Russia but also in Belarus, Uzbekistan, Kazakhstan, Ukraine, Kyrgyzstan, and Turkey.
Doctor Web claims that the hackers were only able to steal roughly $6,000 worth of cryptocurrency. How much the malware’s developer might have made from cryptocurrency mining is not yet known.
The cybersecurity company said that malicious links in YouTube video descriptions and fake GitHub pages were among the malware’s sources.
How does the malware work?
Once on a device, the covertly installed malware uses the computer’s resources to mine cryptocurrency.
Additionally, a “clipper” keeps track of crypto wallet addresses that users copy to the clipboard on their device. The malware then swaps them out for addresses within the attacker’s control, which is how they stole cryptocurrency.
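A defensive check for the address swap described above, as an added example that is not from Doctor Web or the original article: it compares the address a user copied from a trusted source with the value that arrived in the destination field. The function names, verdict strings and sample addresses are assumptions constructed for illustration, and the patterns check address format only, not checksums.

```python
import re

# Common wallet address shapes (format only, no checksum validation).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),  # Base58
    "btc_bech32": re.compile(r"bc1[02-9ac-hj-np-z]{39,59}"),       # SegWit
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}


def address_kind(text):
    """Return the address family the text looks like, or None."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(text):
            return kind
    return None


def check_paste(copied, pasted):
    """Compare the copied address with what landed in the paste target.

    Verdicts (hypothetical names): 'not_an_address', 'ok',
    'address_swapped' (a different wallet address arrived, the clipper
    pattern) and 'changed' (the content differs but is not an address).
    """
    copied, pasted = copied.strip(), pasted.strip()
    kind_copied, kind_pasted = address_kind(copied), address_kind(pasted)
    if kind_copied is None:
        return "not_an_address"
    if copied == pasted:
        return "ok"
    # Ethereum hex addresses differ in letter case only for checksumming.
    if kind_copied == kind_pasted == "eth" and copied.lower() == pasted.lower():
        return "ok"
    if kind_pasted is not None:
        return "address_swapped"
    return "changed"


# Constructed sample addresses; none of them is a real wallet.
INTENDED_ETH = "0x" + "ab12" * 10
OTHER_ETH = "0x" + "cd34" * 10
INTENDED_BTC = "bc1q" + "a" * 38

if __name__ == "__main__":
    print(check_paste(INTENDED_ETH, INTENDED_ETH))  # same address
    print(check_paste(INTENDED_ETH, OTHER_ETH))     # replaced in transit
    print(check_paste(INTENDED_BTC, OTHER_ETH))     # replaced, other family
```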

The malware uses sophisticated techniques to avoid detection, including password-protected archives to bypass antivirus scans, disguising malicious files as legitimate system components and using legitimate software to execute malicious scripts.
In September, crypto exchange Binance warned about clipper malware, noting a spike in activity in late August “leading to significant financial losses for affected users.”
Doctor Web said many of the malware victims’ devices were compromised “by installing pirated versions of popular programs” and recommended only installing software from official sources.
Malware timeline
Clipboard-changing malware has been around for years and was particularly prominent after the 2017 crypto bull market.
These types of malware programs have become more sophisticated, often combining clipboard jacking with other malicious functions.
In September, threat intelligence firm Facct reported that malicious actors and scammers were exploiting email auto-replies to spread crypto mining malware.