A new malware has been spotted that steals cryptocurrency from infected computers. It uses Telegram to hide and replaces copied wallet addresses with one owned by the cybercriminal.

About Keona Clipper

Researchers from Cyble have spotted an advert online promoting the Keona Clipper. Later, the researchers examined the clipper and provided the details regarding it.
  • Keona was written in .NET and is further protected by Confuser 1.x.
  • The researchers have identified over 90 different Keona samples since May, indicating wide deployment.
  • At present, the price for the malware is around $49 for one month, $79 for two months, and $149 for three months.

Keona Clipper capabilities 

Once executed, the clipper communicates with a Telegram bot controlled by the attacker via the Telegram API. It also makes sure it always executes, even if the computer reboots.
  • To ensure persistence, it copies itself to multiple locations, such as the Administrative Tools and Startup folders. It also creates autostart entries in the Windows registry.
  • Subsequently, the clipper quietly monitors clipboard activity and uses regular expressions to detect cryptocurrency wallet addresses. It steals more than a dozen different cryptocurrencies, including Bitcoin, Ether, Dashcoin, and Dogecoin.

What to do?

Users should carefully monitor every payment made in cryptocurrency. Private keys and seeds for wallets should never be stored without protection on any device. These keys should be saved in encrypted form and on a separate storage device or on a physical hardware wallet.
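One way to check a payment for clipboard replacement, as an added example that is not from Cyble's report or the original article: compare the address that was copied with the one that arrived in the payment field. The address patterns are simplified assumptions covering three of the named coins, and the sample addresses are constructed.

```python
import re

# Simplified address shapes (assumptions for illustration: format only, no
# checksum validation). A clipper matches clipboard text against patterns
# of this kind; a defender can use the same shapes to spot a swap.
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"^(?:bc1[0-9a-z]{25,62}|[13][1-9A-HJ-NP-Za-km-z]{25,34})$"),
    "ether": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "dogecoin": re.compile(r"^D[1-9A-HJ-NP-Za-km-z]{33}$"),
}

# Constructed sample values, not real wallets.
COPIED_BTC = "1" + "A" * 33
OTHER_BTC = "1" + "B" * 33
SAMPLE_ETH = "0x" + "ab" * 20


def classify(text):
    """Return the coin whose address shape matches text, or None."""
    candidate = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return coin
    return None


def check_paste(copied, pasted):
    """Compare the copied value with what landed in the payment field.

    Returns "not_an_address", "ok", "swapped" (same coin type but a
    different value, the signature of clipboard replacement) or "mismatch".
    """
    coin = classify(copied)
    if coin is None:
        return "not_an_address"
    if copied.strip() == pasted.strip():
        return "ok"
    if classify(pasted) == coin:
        return "swapped"
    return "mismatch"


if __name__ == "__main__":
    print(check_paste(COPIED_BTC, COPIED_BTC))  # untouched clipboard
    print(check_paste(COPIED_BTC, OTHER_BTC))   # value replaced in transit
```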
Cyware Publisher
