June 8, 2022

$1.7 M stolen by Clipminer using new crypto mining virus

Cybersecurity experts have uncovered a large-scale operation involving Clipminer, a new cryptocurrency mining virus that has earned its operators at least $1.7 million through transaction hijacking.

According to threat researchers, Clipminer is based on the KryptoCibule malware.

These trojans are designed to steal bitcoin wallets, hijack transactions, and mine cryptocurrency on affected devices.

While investigating this new operation, researchers identified 4,375 bitcoin wallet addresses thought to have received stolen funds.

Cybersecurity experts have termed the new trojan Clipminer after mapping its activity, which has grown in size since it was discovered.

Clipminer arrives on the host system as a WinRAR archive. Its goal is to profile the host and use the Tor network to download and install the Clipminer payload. Upon execution, the malware creates scheduled tasks for persistence and also creates an empty registry key, likely as an infection marker to prevent re-infecting the same host.

The payload then monitors all keyboard and mouse activity and checks for analysis tools running in the background. When there is no activity on the host, Clipminer starts an XMRig Monero miner configured to use all available CPU threads. The malware also watches the clipboard for copied bitcoin addresses and replaces them on the fly with addresses belonging to the attacker, redirecting funds.
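The clipboard substitution described above can be spotted from clipboard-change telemetry. The following is an added example, not code from the researchers or from the malware: it validates legacy Base58Check bitcoin addresses and flags one valid address being replaced by a different valid address within a short interval. The event format, the 2-second window and the sample addresses are assumptions constructed for illustration.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of double SHA-256
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    data = payload + checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def is_btc_address(text: str) -> bool:
    """True for a well-formed legacy Base58Check address (bech32 is not handled)."""
    text = text.strip()
    if not 26 <= len(text) <= 35 or any(c not in ALPHABET for c in text):
        return False
    n = 0
    for c in text:
        n = n * 58 + ALPHABET.index(c)
    pad = len(text) - len(text.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[-4:] == checksum(raw[:-4])

def find_swaps(events, window=2.0):
    """events: (seconds, clipboard_text) in time order. Flags one valid address
    replaced by a different valid address within `window` seconds (assumed threshold)."""
    hits = []
    for (t0, a), (t1, b) in zip(events, events[1:]):
        a, b = a.strip(), b.strip()
        if a != b and t1 - t0 <= window and is_btc_address(a) and is_btc_address(b):
            hits.append((t1, a, b))
    return hits

# Constructed sample data: addresses derived from fixed strings, not real wallets.
def sample_address(seed: bytes) -> str:
    return b58check_encode(b"\x00" + hashlib.sha256(seed).digest()[:20])

COPIED, SUBSTITUTE = sample_address(b"constructed-payee"), sample_address(b"constructed-other")
EVENTS = [
    (0.0, "meeting notes"),
    (10.0, COPIED),       # user copies the payee address
    (10.3, SUBSTITUTE),   # 0.3 s later the clipboard holds a different valid address
    (60.0, "unrelated text"),
]

if __name__ == "__main__":
    for when, old, new in find_swaps(EVENTS):
        print(f"t={when}s clipboard address changed: {old} -> {new}")
```

The same comparison works as a manual control: re-check the pasted address against the intended one before confirming a transfer.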

The other day, threat actors stole more than $250,000 in Ethereum from Bored Ape Yacht Club (BAYC); this is the third security breach it has suffered in 2022.