Report: Clipminer Botnet Operators Rake in $1.7 Million

Symantec found roughly 34.3 Bitcoin and 129.9 Ethereum in some of the addresses controlled by the attackers.

 

According to Symantec security experts, cyber criminals operating the Clipminer botnet have made at least $1.7 million in illegal earnings to date. 

The Clipminer trojan spreads through trojanized downloads of cracked or pirated software and shares characteristics with the cryptomining trojan KryptoCibule, implying that it is either a copycat or an evolution of the latter. Clipminer was discovered around January 2021, shortly after KryptoCibule was revealed in an ESET research study, suggesting a probable rebranding of the same threat, according to Symantec.

Once inside a machine, the malware may exploit its resources to mine for bitcoin, but it can also change clipboard data. When it detects that a user has copied a cryptowallet address, it replaces it with the address of an attacker-controlled wallet in order to reroute funds there.

“On each clipboard update, it scans the clipboard content for wallet addresses, recognizing address formats used by at least a dozen different cryptocurrencies. […] For the majority of the address formats, the attackers provide multiple replacement wallet addresses to choose from,” Symantec added. 

Within the malware, the researchers discovered a total of 4,375 distinct cryptowallet addresses, 3,677 of which are used for just three different Bitcoin address formats. Symantec discovered about 34.3 Bitcoin and 129.9 Ethereum in some of the attackers' addresses and stated that some other funds had already been moved to cryptocurrency mixing services.
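For defenders, the clipboard swap described above leaves a recognizable trace: one wallet address is overwritten by a different address of the same format moments after the user copies it. The following detection sketch is an added example, not code from Symantec or the original article; the event fields come from a hypothetical clipboard-monitoring sensor, the address patterns are assumed (the article does not name the formats), and the sample addresses are constructed.

```python
import re
from dataclasses import dataclass

# Assumed address shapes (not listed in the article): Bitcoin legacy P2PKH,
# P2SH and bech32, plus Ethereum.
ADDRESS_FORMATS = {
    "btc-p2pkh": re.compile(r"^1[1-9A-HJ-NP-Za-km-z]{25,33}$"),
    "btc-p2sh": re.compile(r"^3[1-9A-HJ-NP-Za-km-z]{25,33}$"),
    "btc-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def classify(text):
    """Return the format name if text looks like a wallet address, else None."""
    value = text.strip()
    for name, pattern in ADDRESS_FORMATS.items():
        if pattern.match(value):
            return name
    return None

@dataclass
class ClipEvent:        # hypothetical sensor record, one per clipboard update
    ts: float           # seconds since capture start
    writer: str         # process that set the clipboard contents
    text: str

def find_swaps(events, window=2.0):
    """Flag an address replaced, within `window` seconds and by a different
    process, with another address of the same format."""
    alerts = []
    for prev, cur in zip(events, events[1:]):
        fmt = classify(prev.text)
        if (fmt and fmt == classify(cur.text)
                and prev.text.strip() != cur.text.strip()
                and prev.writer != cur.writer
                and cur.ts - prev.ts <= window):
            alerts.append((cur.ts, fmt, prev.text.strip(), cur.text.strip()))
    return alerts

# Constructed sample data: addresses are placeholders, not real wallets.
BTC_A, BTC_B = "1" + "A" * 30, "1" + "B" * 30
ETH_A, ETH_B = "0x" + "ab" * 20, "0x" + "cd" * 20
SAMPLE = [
    ClipEvent(0.0, "browser.exe", "hello world"),
    ClipEvent(10.0, "browser.exe", BTC_A),   # user copies an address
    ClipEvent(10.3, "updater.exe", BTC_B),   # rewritten by another process
    ClipEvent(60.0, "wallet.exe", ETH_A),
    ClipEvent(95.0, "wallet.exe", ETH_B),    # same writer, far apart: benign
]
```

Because a swapped-in address is still well-formed, format or checksum validation alone will not catch the substitution; the signal is the rapid same-format rewrite by a process other than the one the user copied from.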

“If we include the funds transferred out to these services, the malware operators have potentially made at least $1.7 million from clipboard hijacking alone,” the researchers added.