A new malvertising campaign has been launched against Portuguese users to steal their cryptocurrency funds. The campaign uses a new clipper malware, dubbed CryptoClippy, that is statically compiled with Mbed-TLS - a C library that implements cryptographic algorithms along with TLS and SSL protocols.
The campaign has targeted multiple organizations across manufacturing, IT, and real estate sectors.
About the malvertising campaign
According to Palo Alto Networks Unit 42 team, the campaign leverages Google Ads to target users searching for ‘WhatsApp Web’ on the internet.
- The campaign makes use of TDS to trick internet crawlers and redirect victims to malicious landing pages.
- Upon landing on the malicious pages, the victims are prompted to open and download a zip file that executes the PowerShell script in the first stage and CryptoClippy in the final stage.
CryptoClippy capabilities
- Written in C, the CryptoClippy clipper malware is primarily designed to target Ethereum and Bitcoin cryptocurrency wallets.
- It monitors victims’ clipboards for signs of a cryptocurrency wallet address and replaces it with the wallet address used by threat actors.
Similar incident last month
Last month, a similar case wherein threat actors made fortune out of stolen cryptocurrency assets was reported by researchers.
- A widespread clipboard-injector malware campaign had impacted thousands of cryptocurrency users across Russia, the U.S., Germany, China, France, the Netherlands, and the U.K.
- Distributed via trojanized Tor installations that pretended to be the latest versions of the legitimate Tor project, the campaign was believed to be active since September 2022.
What does this indicate?
Researchers highlight that the overall proliferation of cryptocurrency-focused malware has been gaining momentum in the last few years. The use of TDS and the employment of new stealthier techniques and a new clipper malware in the latest instance indicates that threat actors are evolving their tactics to launch sophisticated attacks against cryptocurrency users.
Conclusion
Users must refrain from downloading software and apps from third-party sources to stay safe. Using reliable security solutions and ensuring that operating systems, browsers, and other software are up-to-date with security patches are recommended as important security measures.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/d28d_shutterstock_391239166.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/285c_shutterstock_2160496255.jpg)
