April 5, 2023Rabbi LakshmananCyber ​​Threat/Malware

Portuguese users targeted by new codenamed malware crypto clippy You can steal cryptocurrencies as part of a malvertising campaign.

This activity utilizes SEO poisoning techniques to direct users searching for “WhatsApp Web” to malicious domains that host malware. Palo Alto Networks Unit 42 Said In a new report released today.

CryptoClippy, a C-based executable, is a type of cryware known as clipper malware that monitors a victim’s clipboard for content that matches cryptocurrency addresses, allowing it to access wallets under the attacker’s control. Replace with your address.

According to Unit 42 researchers, “Clipper malware uses regular expressions (regexes) to identify the type of cryptocurrency an address is associated with.

“We then replace the clipboard entry with a visually similar but appropriate attacker-controlled cryptocurrency wallet address. Then you actually send the cryptocurrency directly to the attacker.”

clipper malware

This illegal scheme is estimated to have brought in around $983 in profits so far, and victims have been found across the manufacturing, IT services, and real estate industries.

It is worth noting that the actors associated with GootLoader employ tainted search results to deliver malware. malware.

upcoming webinars

Learn How to Secure Your Identity Perimeter – A Proven Strategy

Improve your business security in our upcoming expert-led cybersecurity webinar: Exploring Identity Perimeter Strategies!

Don’t miss it – secure your seat!

Another approach used to determine suitable targets is the Traffic Direction System (TDS). It checks if the preferred browser language is Portuguese and if it is, it directs the user to a fraudulent landing page.

Users who do not meet the required criteria are redirected to the legitimate WhatsApp web domain without further malicious activity, thus avoiding detection.

According to the findings, SecurityScorecard Luma It can collect data from web browsers, cryptocurrency wallets, and various apps such as AnyDesk, FileZilla, KeePass, Steam, and Telegram.

Did you find this article interesting?Please follow us twitter and LinkedIn To read more exclusive content that we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog