Among the many malware families we have researched, analysed and written about, this one takes a different route to its victims. Clipper malware is known for replacing the user's cryptocurrency wallet address with the attacker's own, and because of the typical format of wallet addresses the swap is difficult to notice. To lure victims to clipper malware, attackers were seen targeting a private note-sharing service, making the attack almost undetectable for its users.
Earlier this month, privnotes(.)com, a legitimate note-sharing application, registered a complaint that a clone of their site existed without their knowledge and had been fooling their loyal users for some time. Because of a misleading paid advert for the fake phishing site, a Google search for the note-sharing service brings up the fake site at the top of the results instead of the legitimate one. The phishing site used an automated script to replace any bitcoin wallet address in a note's contents with the attacker's. The scam is harder to spot because these messages self-destruct after being read.
For a long while now, cryptocurrency thieves have been using Clipper malware to replace wallet addresses in the clipboard.
In December last year, Clipper malware was observed replacing any copied bitcoin address with the attacker's when the user performed a copy-and-paste.
In September, a malware strain called Masad Stealer was seen exfiltrating cryptocurrency wallets, using the Telegram application as its communication channel.
In February last year, a first-of-its-kind clipper malware (Android/clipper.c) was discovered on Google Play impersonating the legitimate MetaMask service. It harvested the user's credentials and private keys to steal Ethereum funds.
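The clipboard substitution described above is detectable from the user's side: the text placed on the clipboard should come back unchanged when it is read, so a different wallet address at the same position is a warning sign. The following added example (not from the original post or any vendor's product) replays a constructed list of clipboard copy/read events and reports address-shaped tokens that changed between copy and read; the addresses in the sample data are publicly documented example addresses used here only as sample text, and the check is on address shape, not checksum validity.

```python
import re

# Address-shaped tokens: legacy/P2SH Base58 (starts with 1 or 3, alphabet
# excludes 0, O, I, l) and native SegWit bech32 (bc1..., bech32 alphabet
# excludes 1, b, i, o). Shape only; no checksum verification is done.
BTC_ADDRESS_RE = re.compile(
    r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b"
)

# Constructed sample clipboard history: "copy" is what the user placed on the
# clipboard, "read" is what an application later fetched when pasting.
SAMPLE_EVENTS = [
    ("copy", "pay 0.5 BTC to 1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2 by Friday"),
    ("read", "pay 0.5 BTC to 1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2 by Friday"),
    ("copy", "refund address: bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),
    ("read", "refund address: bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"),
    ("copy", "call me at 10"),
    ("read", "call me at 10"),
]


def extract_addresses(text):
    """Return the bitcoin-address-shaped tokens found in a piece of text."""
    return BTC_ADDRESS_RE.findall(text)


def detect_swaps(events):
    """Pair each 'copy' with the next 'read' and report replaced addresses.

    Returns a list of (expected, observed) tuples. A clipper leaves the
    surrounding text alone and swaps only the address, so addresses are
    compared position by position; any mismatch is a substitution.
    """
    swaps = []
    last_copy = None
    for kind, text in events:
        if kind == "copy":
            last_copy = text
            continue
        if kind != "read" or last_copy is None:
            continue
        expected = extract_addresses(last_copy)
        observed = extract_addresses(text)
        swaps.extend((e, o) for e, o in zip(expected, observed) if e != o)
        last_copy = None
    return swaps


if __name__ == "__main__":
    for expected, observed in detect_swaps(SAMPLE_EVENTS):
        print(f"clipboard address changed: {expected} -> {observed}")
```

On a real machine the event list would come from a clipboard monitor; the comparison logic is the same.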
Precautions against the clipper
Users are advised to be cautious when using search engines to find sites on which they share, or would share, sensitive information. When trying a site for the first time, users should check its reviews, verify it, and then bookmark it, trusting only these verified sites with their sensitive information.
Users should also beware of fake email campaigns, phishing attempts and any website offers related to bitcoin.
To read more, please check eScan Blog