300,000 Computers Hacked by ClipboardWalletHijacker Malware Attack

A newly discovered, widely spreading crypto-miner called ClipboardWalletHijacker has hacked over 300,000 victims' computers within a single week.

This crypto-mining Trojan mainly targets clipboard activity on the infected machine to detect Bitcoin and Ethereum account addresses.

Once it detects clipboard content that contains either a Bitcoin or an Ethereum wallet ID, it tampers with the receiving address and redirects the cryptocurrency to its own wallet.

BTC & ETH Clipboard Replacement

At the initial stage, the malware monitors the content of the clipboard.

Here, ClipboardWalletHijacker's recurring loop contains the attacker's own cryptocurrency wallet address.

It uses the function called “GetClipboardData” to fetch the clipboard content in order to replace the victim’s wallet address.

If it then detects that the content is an Ethereum wallet address, it replaces the address with its own.

The attack uses its own wallet address “0x004D3416DA40338fAf9E772388A93fAF5059bFd5” to replace the victim’s clipboard address.

The attackers completed 46 successful transactions in total using this wallet address.

If no Ethereum wallet address is found, the Trojan checks whether the content is a Bitcoin address and whether the address begins with 1 or 3.

According to 360totalsecurity, if the current date is earlier than the 8th of the month, the Trojan replaces the address with “19gdjoWaE8i9XPbWoDbixev99MvvXUSNZL”; otherwise, it uses “1FoSfmjZJFqFSsD2cGXuccM9QMMa28Wrn1” instead.

ClipboardWalletHijacker has already hijacked five Bitcoin transactions, and the amount of the latest transaction is 0.069 BTC (approximately equivalent to 500 US dollars).
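A defender-side check for the substitution described above, as an added example that is not part of the original article: it recognises the two address shapes the Trojan looks for and compares what was copied with what is about to be pasted. The function names are hypothetical, and the only real addresses are the three attacker wallets quoted in the article.

```python
import re

# Ethereum: "0x" followed by 40 hex digits.
ETH_RE = re.compile(r"0x[0-9a-fA-F]{40}")
# Legacy Bitcoin: starts with 1 or 3, Base58 alphabet (no 0, O, I, l).
BTC_RE = re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}")


def wallet_kind(text):
    """Return 'ETH', 'BTC' or None for a clipboard string."""
    s = text.strip()
    if ETH_RE.fullmatch(s):
        return "ETH"
    if BTC_RE.fullmatch(s):
        return "BTC"
    return None


def normalise(addr):
    """ETH hex compares case-insensitively; Base58 is case-sensitive."""
    s = addr.strip()
    return s.lower() if wallet_kind(s) == "ETH" else s


# Attacker wallets quoted in the article above.
KNOWN_HIJACKER_ADDRESSES = {normalise(a) for a in (
    "0x004D3416DA40338fAf9E772388A93fAF5059bFd5",
    "19gdjoWaE8i9XPbWoDbixev99MvvXUSNZL",
    "1FoSfmjZJFqFSsD2cGXuccM9QMMa28Wrn1",
)}


def check_paste(copied, pasted):
    """Compare the address the user copied with the one about to be pasted."""
    if wallet_kind(pasted) and normalise(pasted) in KNOWN_HIJACKER_ADDRESSES:
        return "known-hijacker-address"
    if wallet_kind(copied) and normalise(copied) != normalise(pasted):
        return "address-changed"
    return "ok"


if __name__ == "__main__":
    copied = "0x" + "ab" * 20  # constructed sample, not a real wallet
    pasted = "0x004D3416DA40338fAf9E772388A93fAF5059bFd5"
    print(check_paste(copied, pasted))
```

A wallet or payment form can run such a comparison before a transfer is confirmed; the "address-changed" verdict does not depend on the attacker address being known in advance.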

Cryptojacking attacks have kept rising since the beginning of this year, and users are advised to enable antivirus while installing new applications.
