This new malware diverts cryptocurrency payments to attacker-controlled wallets

A new malware dubbed Keona Clipper aims to steal cryptocurrencies from infected computers and uses Telegram to increase its stealth. Learn more about what the Clipper malware threat is and how to protect against it.

What is clipper malware?

Clipper malware is a piece of software that, once running on a computer, constantly checks the content of the user's clipboard and looks for cryptocurrency wallets. If the user copies and pastes the wallet somewhere, it is replaced by another wallet, owned by the cybercriminal. This way, if an unsuspecting user uses any interface to send a cryptocurrency payment to a wallet, which is generally done by copying and pasting a legitimate destination wallet, it gets replaced by the fraudulent one.

Clipper malware is not a new threat, but it is unknown to most users and companies. The first clipper malware appeared in 2017 on Windows operating systems. Such malware also appeared on the Google Play Store in 2019. That malware impersonated MetaMask, a popular crypto wallet, and aimed at stealing credentials and private keys to steal Ethereum funds from the victims, in addition to changing the wallets in the clipboard to obtain more cryptocurrency.

Clipper attacks work very well because of the length of cryptocurrency wallets. People transferring cryptocurrencies from their wallet to another rarely check that the copy/paste result is indeed the one provided by a legitimate receiver.

Researchers from Cyble analyzed a new Clipper malware named Keona Clipper by its developer (Figure A).

Figure A. Keona Clipper malware as advertised in a Russian-speaking Dark Web forum. Image: Cyble.

The malware is sold as a service at the price of $49 for one month. .NET programming language and protected by Confuser 1.x. .NET applications by renaming symbols, obfuscating the control flow, encrypting constants and resources, using protections against debugging, memory dumping and tampering, and disabling decompilers, making it harder for reverse engineers to analyze it.

Cyble researchers could identify over 90 different Keona samples since May 2022, showing wide deployment. The difference in those Keona samples might be slight modifications in the code, or just the result of several uses of the Confuser protector, which would generate a different binary each time a sample is submitted, to avoid being detected by security solutions based on file signature only.

Once executed, the malware communicates with an attacker-controlled Telegram bot via the Telegram API.
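The clipboard swap described under "What is clipper malware?" can be looked for in clipboard-change telemetry. The following is an added example, not code from the article or from Cyble: it flags a wallet address that is replaced by a different address of the same type faster than a person could re-copy. The address patterns (Bitcoin and Ethereum shapes only), the `find_swaps` name, the event format and the one-second threshold are all assumptions.

```python
import re

# Address shapes only (no checksum validation); the two formats are an assumption.
PATTERNS = {
    "btc": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def wallet_kind(text):
    """Return 'btc' or 'eth' if the clipboard text is a single address, else None."""
    candidate = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.match(candidate):
            return kind
    return None

def normalize(kind, text):
    """Ethereum addresses compare case-insensitively; Base58 is case-sensitive."""
    value = text.strip()
    return value.lower() if kind == "eth" else value

def find_swaps(events, max_gap=1.0):
    """Flag address -> different address of the same kind within max_gap seconds.

    events: iterable of (timestamp_seconds, clipboard_text), oldest first.
    max_gap is an assumed threshold; tune it for the environment.
    """
    alerts, prev = [], None
    for ts, text in events:
        kind = wallet_kind(text)
        if kind and prev and prev[1] == kind:
            addr = normalize(kind, text)
            if addr != prev[2] and ts - prev[0] <= max_gap:
                alerts.append({"time": ts, "kind": kind, "copied": prev[2], "now": addr})
        prev = (ts, kind, normalize(kind, text)) if kind else None
    return alerts

# Constructed sample events (not real addresses or real telemetry).
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, "0x" + "a1" * 20),   # user copies the payee address
    (10.2, "0x" + "b2" * 20),   # replaced 0.2 s later: flagged
    (60.0, "1" + "A" * 30),     # Bitcoin-shaped address
    (95.0, "1" + "B" * 30),     # different, but 35 s later: plausible manual copy
    (120.0, "0x" + "C3" * 20),
    (120.1, "0x" + "c3" * 20),  # same address, different case: not a swap
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

A hit is a lead for investigation, not proof: password managers and wallet applications can also rewrite the clipboard.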