A new malvertising campaign that uses a clipper malware called CryptoClippy has started attacking Portuguese users and stealing crypto assets. Based on reports, the developers built CryptoClippy as a statically compiled binary that bundles Mbed-TLS, a C library that implements cryptographic algorithms along with the SSL and TLS protocols.
Moreover, the latest campaign has targeted several organisations across the manufacturing sectors, Information Technology, and real estate companies.
CryptoClippy exploits Google Ads for its cybercriminal operations.
The CryptoClippy campaign uses Google Ads to target users searching for WhatsApp Web online. In addition, the campaign uses a traffic direction system (TDS) to deceive internet users and redirect them to compromised landing pages.
After landing on the malicious redirect, victims are prompted to download and open a zip archive. The archive runs a PowerShell script in the first phase of the attack and delivers the CryptoClippy malware in the final stage.
CryptoClippy is written in C and targets Ethereum and Bitcoin cryptocurrency wallets. The malware monitors the victim's clipboard for a cryptocurrency address and, when it finds one, replaces it with an attacker-controlled wallet address.
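The substitution described above leaves a detectable trace: the clipboard briefly holds one address, then, without another user copy, holds a different address of the same family. The following is an added defender-side example, not code from the article or from the CryptoClippy analysis it summarises. It runs a simple swap heuristic over a constructed clipboard event log (timestamp and content) and flags Bitcoin or Ethereum addresses that change to a different address of the same kind within a short window. The address patterns are format checks only (no base58check or EIP-55 validation), the sample addresses are constructed placeholders, and the two-second window is an assumed tuning value.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Format-only patterns for the two address families the article names.
# Legacy/P2SH Bitcoin addresses use the base58 alphabet (no 0, O, I, l);
# bech32 addresses start with "bc1". Ethereum addresses are 0x + 40 hex digits.
BTC_RE = re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{39,59})$")
ETH_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")


def address_kind(text: str) -> Optional[str]:
    """Return 'btc', 'eth', or None for clipboard text that is not an address."""
    s = text.strip()
    if ETH_RE.match(s):
        return "eth"
    if BTC_RE.match(s):
        return "btc"
    return None


@dataclass
class ClipEvent:
    t: float       # seconds since monitoring started
    content: str   # clipboard text observed at that time


@dataclass
class SwapAlert:
    t: float
    kind: str
    before: str
    after: str


def detect_swaps(events: List[ClipEvent], window: float = 2.0) -> List[SwapAlert]:
    """Flag an address that is replaced by a different address of the same
    family within `window` seconds. A human re-copying a second address
    typically takes longer than that; a clipper rewrites almost instantly."""
    alerts: List[SwapAlert] = []
    prev: Optional[ClipEvent] = None
    for ev in events:
        kind = address_kind(ev.content)
        if (
            prev is not None
            and kind is not None
            and address_kind(prev.content) == kind
            and prev.content.strip() != ev.content.strip()
            and ev.t - prev.t <= window
        ):
            alerts.append(SwapAlert(ev.t, kind, prev.content.strip(), ev.content.strip()))
        prev = ev
    return alerts


# Constructed sample log: the user copies a BTC address, the clipboard is
# rewritten 300 ms later (swap), then the user copies two ETH addresses
# 40 seconds apart (normal behaviour), then plain text.
SAMPLE_EVENTS = [
    ClipEvent(10.0, "1SampAddrTestAAAAAAAAAAAAAAAAAAA"),       # constructed BTC address
    ClipEvent(10.3, "1SwappedAddrTestBBBBBBBBBBBBBBBBB"),      # constructed BTC address
    ClipEvent(20.0, "0x" + "a" * 40),                          # constructed ETH address
    ClipEvent(60.0, "0x" + "b" * 40),                          # constructed ETH address
    ClipEvent(61.0, "meeting notes for Tuesday"),
]


def run_sample() -> List[SwapAlert]:
    return detect_swaps(SAMPLE_EVENTS)


if __name__ == "__main__":
    for a in run_sample():
        print(f"t={a.t:.1f}s {a.kind} address swapped: {a.before} -> {a.after}")
```

On a real endpoint the event list would come from a clipboard-watching agent; the heuristic is deliberately simple and will miss a clipper that waits longer than the window, so it is a cheap first signal rather than a complete control.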
A similar incident occurred last month where the threat actors acquired profits via stolen crypto assets. A widespread clipboard-injector malware campaign has affected numerous cryptocurrency users from different countries, including the United States, China, France, Germany, Russia, and the United Kingdom.
Researchers explained that these incidents spread via trojanised Tor installers that posed as legitimate updates from the Tor Project. Moreover, several reports highlighted that the number of crypto-related malware strains has surged over the past few years.
Threat actors now mount sophisticated attacks against the cryptocurrency landscape, combining new obfuscation techniques with new clipper malware backdoors. Therefore, users should employ defence mechanisms that secure their assets.
Cybersecurity experts suggest cryptocurrency owners refrain from downloading apps and software from unknown or third-party sources to remain safe. Reliable security solutions and updated browsers and software could mitigate the effects of such threats.