Cointelegraph
DOGE$0.07138 2.34%
TRX$0.3251 1.90%
LINK$7.81 2.85%
ZEC$492.66 8.38%
ADA$0.1561 4.41%
XRP$1.05 3.34%
ETH$1,758.75 2.94%
BTC$62,038.32 2.95%
XMR$320.58 2.72%
BNB$564.34 2.16%
XLM$0.1798 3.97%
SOL$74.32 3.59%
HYPE$62.72 7.38%
Written by Martin Youngstaff writerReviewed by Ana Paula Pereirastaff editor

Crypto-swiping malware infects 28K users, steals just $6K: Report

Latest NewsPublishedOct 10, 2024

A cryptojacking and stealing malware has infected tens of thousands of devices over the past few months, but the attackers have stolen only $6,000.

cryptojacking-stealing-malware-infects-28k-stole-6k-doctor-web

A malware that infected tens of thousands of devices to mine and steal crypto has ended up bagging only about $6,000.

Cybersecurity firm Doctor Web reported on Oct. 8 that it detected the malware disguising itself as legitimate software, such as office programs, game cheats and online trading bots.

The cryptojacking and stealing software infected more than 28,000 users, mainly in Russia but also in Belarus, Uzbekistan, Kazakhstan, Ukraine, Kyrgyzstan and Turkey.

The hackers were able to swipe only about $6,000 worth of crypto, according to Doctor Web. Still, it’s unknown how much the malware’s creator may have earned from crypto mining.

The cybersecurity firm said the malware’s sources included fraudulent GitHub pages and YouTube video descriptions with malicious links.

Once a device is infected, stealthily deployed software hijacks computing resources to mine crypto.

A “clipper” also monitors crypto wallet addresses that users copy onto their device’s clipboard, and the malware replaces them with addresses controlled by the attacker — which is how they swiped crypto.

Malware, Scams
Malware, Scams

Malware attack chain. Source: Doctor Web

The malware uses sophisticated techniques to avoid detection, including password-protected archives to bypass antivirus scans, disguising malicious files as legitimate system components and using legitimate software to execute malicious scripts.

In September, crypto exchange Binance warned about clipper malware, noting a spike in activity in late August “leading to significant financial losses for affected users.”

Doctor Web said many of the malware victim’s devices were compromised “by installing pirated versions of popular programs” and recommended only installing software from official sources.

Related: New Android malware steals private keys from screenshots and images

Clipboard-changing malware has been around for years and was particularly prominent after the 2017 crypto bull market.

These types of malware programs have become more sophisticated, often combining clipboard jacking with other malicious functions.

In September, threat intelligence firm Facct reported that malicious actors and scammers were exploiting email auto-replies to spread crypto mining malware.

Magazine: $55M DeFi Saver phish, copy2pwn hijacks your clipboard: Crypto Sec

1 minute letter

Subscribe to daily byte-sized crypto news from Cointelegraph

Subscribe
Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

More on the subject