xorl %eax, %eax

The “Clipper” malware type

with one comment

With the increasing popularity of crypto-currencies we see more and more attacks focusing in this area. Some popular examples are coin miners delivered via botnets, JavaScript based miners spread via ad networks, etc. A recent addition to this list is the, so called, “Clipper” malware type.

Let’s start with the definition. Clipper is a type of software that looks at the operating system’s data buffer (commonly referred to as clipboard) for anything that resembles a crypto-currency address. If such an address is identified, it will replace it with one owned by the malware operator. I am adding a simple diagram I created to describe the attack below.

At the time of this writing, the three most prominent such malware are “CryptoShuffler”, “ComboJack” and “Project Evrial”. For the former two, Unit 42 of Palo Alto Networks recently published a blog post. “Project Evrial” started in December 2017 by threat actor “Qutra” based on “CryptoShuffler” and it was later (in January 2018) updated by threat actor “emotion” as well as “Qutra”. Both versions are very popular in underground Russian-speaking communities and their price is around $30. You can see one of the latest English advertisements of this malware below.

Based on the above in combination with the continuously growing popularity of crypto-currencies we can assume that more of these type of new malware approaches will be implemented in the future targeting specifically crypto-currencies. On the other hand, it is important to remember that the same techniques can be easily adjusted for other types of attacks and malware.

Written by xorl

March 18, 2018 at 14:25

Posted in malware

One Response

Subscribe to comments with RSS.

  1. Actually, malware is a malicious software which is mainly installed on the system without taking any kind of permission from the owner. It is mainly categorized the malware threat in different type like a well known “Clipper” which is the most dangerous one for any system. It gradually slows down the system as well.

    hp printer assistant

    September 12, 2018 at 19:26

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s