August 7, 2019 – Cybersecurity firm Avast released details on how Clipsa, a crypto-stealing malware, worked its way across computers around the world, particularly in India and the Philippines.
Disguised as a codec installer for media players, Clipsa is written in Visual Basic and is primarily a password stealer. It can steal admin credentials on WordPress sites and replace crypto addresses in the clipboard, not to mention mine cryptocurrency on infected computers.
Clipsa performs several actions, including searching the clipboard for crypto wallet addresses and replacing them with wallet addresses belonging to the bad actors who created it.
Avast also noted how it infects vulnerable WordPress websites:
Once it finds a vulnerable site, it attempts to brute-force its way into the site, sending the valid login credentials to Clipsa’s C&C servers. While we cannot say for sure, we believe the bad actors behind Clipsa steal further data from the breached sites.
According to Avast, Clipsa’s campaign is most prevalent in India where Avast blocked more than 43,000 infection attempts.
In the Philippines, Avast said it protected “more than 15,000 users” from Clipsa. In Brazil, it blocked 13,000 attempts.
Avast found that Clipsa, when installed, comes with more than 9,000 addresses that can hold stolen funds. According to its findings, the bad actors have succeeded in stealing over 3 bitcoin, which is Php 1.8 million at today’s exchange rates.
Last year, BitPinas reported the rise of cryptojacking and crypto mining malware globally, particularly in the Philippines. According to Kaspersky Lab, the Philippines is the 9th most attacked country globally and most of these attacks are related to cryptomining. Data sent by Kaspersky Lab revealed 10.6 million web malware infections in the Philippines for the 2nd quarter of 2018. This is twice the number from the 1st quarter (5.6 million) and a massive increase from the same quarter last year.
This article was first published on BitPinas: Crypto Stealing Malware Clipsa Targeted Computers in the Philippines