The malicious file can recover data such as victim’s wallets, WordPress credentials or install a miner to infect the computer.
Avast.io’s group of researchers, decoded, discovered and denounced a new malicious file that threatens the mining community. The name of this malware is Clipsa, which seeks to replace Bitcoin addresses and install undercover miners on computers to take advantage of these equipment.
Recently, experts in the field provided information so that cryptocurrency users can recognize Clipsa. According to experts in the field, Clipsa is a malware that executes multiple negative operations simultaneously, such as stealing or undermining cryptocurrencies with the purpose of generating as much damage as possible.
According to their explanations, Clipsa executes several processes separately after downloading. In this way, hackers can recover data from the clipboard related to the victim’s wallets, WordPress credentials or even install an XMRig miner, infesting the computer of the user.
The procedure followed by hackers is to install the malware on computers as a package of Codec filters for media players. This is how victims download the file without even suspecting that it is a virus, the researchers explain.
Avast.io has blocked more than 70,000 Clipsa attacks on computers in India, Brazil and the Philippines, so these three countries have been, until now, the most exposed ones to malware attacks. In total, the researchers estimate that Avast blocked 360,000 infection attempts. Argentina and Mexico are the other countries in Latin America that have faced more attempts at attacks of this kind.
One of the most notable features of the way this malware operates is that it is capable of replacing the Bitcoin wallet address of the affected computer with an address of the attacker or hacker.
The malware compares the original address of the bitcoins with a file of more than 9,412 addresses and selects the most similar one. In this way, the transfers that the victim should receive fall into the hands of hackers.
In the case of WordPress, if a user has an account of this type on a website, the malware will use programs to find the password and access the page. Once attackers have access, they can use the portal to store information about their attacks and addresses.
Although not all versions of Clipsa have an undercover miner, some hackers have perfected the virus to gain even more cryptocurrencies with the infested computer. Avast makes the alert, so that cryptocurrency users take care of malware, even though it has not been the most successful of all, since in the course of a year Clipsa has only managed to steal 3 BTCs, sent to about 117 addresses.
In 2017, another malware raised USD 63,000 by mining Monero on Windows servers. Similarly, Petya and WannaCry malware generated millionaire losses in Europe two years ago.
Beyond the damage that these harmful applications can cause, security experts advise users to be sure of what they are downloading to their computers, because these malwares are proliferating more strongly on the Internet. In the same vein, said malwares became the biggest threats to the ecosystem last April, according to the Check Point Software Technologies firm.
By María Rodríguez