ClipBanker Trojan Hijacks Crypto via Masquerading Malware


Cyber Threat Intelligence has shed light on a sophisticated threat campaign leveraging a Trojanized version of the Proxifier software to distribute the ClipBanker malware. This insidious malware employs a multi-stage infection chain, ultimately aiming to pilfer cryptocurrency by silently replacing wallet addresses in the user’s clipboard. The initial lure is a legitimate-looking installer, a common tactic to bypass user suspicion and gain a foothold on target systems.

Once executed, ClipBanker's primary function is to monitor clipboard activity. When a copied value matches the pattern of a cryptocurrency wallet address, the malware swaps it for an address controlled by the threat actors. A victim who pastes what they believe is the intended recipient's address can therefore unknowingly send funds to the attacker’s wallet, a devastating outcome for the unsuspecting user. The complexity of the infection chain suggests a well-resourced and methodical threat group.

What This Means For You

  • Security teams should prioritize endpoint detection and response (EDR) solutions capable of monitoring and alerting on unusual process execution chains (especially legitimate software being used to load malicious payloads) and on clipboard manipulation.
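The substitution behaviour described above (one wallet address silently replaced by another of the same kind) is also the signal a defender can look for. The following script is an added example, not code from the original post or from any vendor tool: it classifies clipboard contents as address-like using syntactic regexes (no checksum validation) and raises an alert when an address-like value is replaced by a different address of the same scheme within a short window of first appearing, which is how a clipboard hijacker behaves and how a human rarely does. The address formats, the one-second window, and the clipboard samples are all assumptions constructed for the demonstration; a real deployment would feed it from an OS clipboard poller.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Syntactic patterns for the address formats most often targeted by clipboard
# hijackers. Assumed for this example; they classify a value as "address-like"
# and do not validate checksums.
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "btc-bech32": re.compile(r"bc1[ac-hj-np-z02-9]{39,59}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

# A user rarely copies two distinct addresses of the same chain within a
# second; a hijacker rewrites the clipboard almost immediately. Assumed value.
SWAP_WINDOW_SECONDS = 1.0


@dataclass
class ClipboardSample:
    ts: float       # seconds since monitoring started
    content: str    # clipboard text observed at that instant


@dataclass
class HijackAlert:
    ts: float
    scheme: str
    original: str
    replacement: str


def classify_address(text: str) -> Optional[str]:
    """Return the scheme name if the text is a single wallet-like address."""
    text = text.strip()
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(text):
            return name
    return None


def detect_clipboard_hijack(samples: List[ClipboardSample],
                            window: float = SWAP_WINDOW_SECONDS) -> List[HijackAlert]:
    """Flag address-for-address replacements that happen within `window` seconds.

    The window is measured from when a value first appeared on the clipboard,
    not from the previous poll, so slow polling does not produce false alerts
    when the user legitimately copies a second address later on.
    """
    alerts: List[HijackAlert] = []
    current: Optional[str] = None      # value currently on the clipboard
    current_since = 0.0                # when that value first appeared
    for sample in samples:
        content = sample.content.strip()
        if current is None:
            current, current_since = content, sample.ts
            continue
        if content == current:
            continue                    # unchanged since the last poll
        before, after = classify_address(current), classify_address(content)
        if before is not None and before == after and sample.ts - current_since <= window:
            alerts.append(HijackAlert(sample.ts, after, current, content))
        current, current_since = content, sample.ts
    return alerts


# Constructed sample addresses (syntactically valid shapes, not real wallets).
ETH_A = "0x" + "a" * 40
ETH_B = "0x" + "b" * 40
BTC_A = "bc1q" + "a" * 38
BTC_B = "bc1q" + "c" * 38
BTC_C = "bc1q" + "d" * 38

# Constructed poll log: a hijack at t=1.2, a legitimate second copy at t=45.0,
# and another hijack at t=45.1.
SAMPLE_EVENTS = [
    ClipboardSample(0.0, "meeting notes for Monday"),
    ClipboardSample(1.0, ETH_A),     # user copies an address
    ClipboardSample(1.1, ETH_A),
    ClipboardSample(1.2, ETH_B),     # replaced 0.2 s later -> alert
    ClipboardSample(1.3, ETH_B),
    ClipboardSample(30.0, BTC_A),    # user copies a different address
    ClipboardSample(30.1, BTC_A),
    ClipboardSample(45.0, BTC_B),    # user copies another one 15 s later -> no alert
    ClipboardSample(45.1, BTC_C),    # replaced 0.1 s later -> alert
]


def run_demo() -> List[HijackAlert]:
    return detect_clipboard_hijack(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in run_demo():
        print(f"t={alert.ts:>5}s  {alert.scheme}: {alert.original} -> {alert.replacement}")
```

On a live host the same logic would run over a poller that reads the clipboard a few times per second; the alert can then be correlated with the process that last wrote to the clipboard, which is where the EDR process-chain telemetry mentioned above comes in.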