Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Clipminer Botnet already allowed operators to make at least $1.7 Million

The Clipminer botnet allowed operators to earn at least $1.7 million, according to a report published by security researchers at Symantec. Researchers at Symantec’s Threat Hunter Team uncovered a cryptomining operation that has potentially made the actors behind it at least $1.7 million in illicit gains. The bot focuses on cryptocurrency mining and cryptocurrency theft […]

clipminer

The Clipminer botnet allowed operators to earn at least $1.7 million, according to a report published by security researchers at Symantec.

Researchers at Symantec’s Threat Hunter Team uncovered a cryptomining operation that has potentially made the actors behind it at least $1.7 million in illicit gains. The bot focuses on cryptocurrency mining and cryptocurrency theft via clipboard hijacking.

The malicious code, tracked by Symantec as Trojan.Clipminer, has many similarities to another cryptominer called KryptoCibule suggesting a possible rebranding of the same threat.

Clipminer was first spotted in early 2021, it likely spread via Trojanized downloads of cracked or pirated software.

The attack chain starts in the form of a self-extracting WinRAR archive that drops and executes a downloader in the form of a packed portable executable DLL file with CPL file extension (although it does not follow the CPL format). Then the downloader connects to the Tor network to download the components of the Clipminer.

The researchers discovered that the operators are controlling a total of 4,375 unique cryptowallet addresses, 3,677 of which are used for just three different formats of Bitcoin addresses.

“The malware includes a total of 4,375 unique addresses of wallets controlled by the attacker. Out of these, 3,677 addresses are used for just three different formats of Bitcoin addresses. Investigating just Bitcoin and Ethereum wallet addresses, we found that they, at the time of writing, contained approximately 34.3 Bitcoin and 129.9 Ethereum.” reads the analysis published by Symantec. “However, some funds had also been transferred to what appear to be cryptocurrency tumblers, also known as cryptocurrency mixing services.”

Experts estimated that Including the funds transferred out to cryptocurrency mixing services, the botnet operators have potentially made at least $1.7 million from clipboard hijacking alone.

clipminer

“Clipminer has proven a successful endeavor, earning its operators a considerable amount of money.” concludes the report published by Symantec that also includes Indicators of Compromise (IoCs).

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”)

To nominate, please visit: 

https://docs.google.com/forms/d/e/1FAIpQLSdNDzjvToMSq36YkIHQWwhma90SR0E9rLndflZ3Cu_gVI2Axw/viewform

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, cryptocurrency)

[adrotate banner=”5″]

[adrotate banner=”13″]