Clipboard Hijacker
ID | clipboard_hijacker
Severity | critical
Resource | System
Tags | spyware, stealer
Description
This detector looks for code that hijacks a user’s clipboard and replaces its contents with malicious data.
Rationale
Code of this kind, usually known as clipper malware, attempts to steal funds from infected systems by altering or stealing data on the Windows clipboard. Microsoft classifies it as cryware, which is malware designed to steal cryptocurrency.
Clipper malware steals Bitcoin by modifying the victim’s clipboard contents and replacing the destination wallet address with the attacker’s.
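The behaviour described above leaves three static traces a scanner can look for together: a clipboard read, a clipboard write, and a hardcoded wallet address. The sketch below is an added example, not this detector's own implementation; the API list, the verdict names and the inert sample fragments are assumptions constructed for illustration.

```python
import re

# Clipboard APIs on common platforms (Win32, pyperclip, browser, .NET, Android).
CLIP_READ = re.compile(
    r"GetClipboardData|pyperclip\.paste|clipboard\.readText|Clipboard\.GetText|getPrimaryClip")
CLIP_WRITE = re.compile(
    r"SetClipboardData|pyperclip\.copy|clipboard\.writeText|Clipboard\.SetText|setPrimaryClip")
# Hardcoded wallet-address literals: Bitcoin legacy, Bitcoin bech32, Ethereum.
WALLET = re.compile(
    r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{39,59}|0x[a-fA-F0-9]{40})\b")

def scan_source(text):
    """Return (verdict, evidence) for the text of one source file."""
    evidence = {
        "clipboard_read": sorted(set(CLIP_READ.findall(text))),
        "clipboard_write": sorted(set(CLIP_WRITE.findall(text))),
        "wallet_literals": sorted(set(WALLET.findall(text))),
    }
    reads, writes, wallets = (bool(v) for v in evidence.values())
    if reads and writes and wallets:
        verdict = "critical"   # all three traces present: clipper-like
    elif reads and writes:
        verdict = "review"     # e.g. a clipboard history tool; needs a human look
    else:
        verdict = "clean"
    return verdict, evidence

# Constructed placeholder address (not a real wallet) and constructed, inert fragments.
CONSTRUCTED_ADDR = "0x" + "ab" * 20
SAMPLES = {
    "clipper_like.c": (
        "h = GetClipboardData(CF_UNICODETEXT);\n/* ... logic elided ... */\n"
        "SetClipboardData(CF_UNICODETEXT, hNew);\n"
        'const char *dst = "' + CONSTRUCTED_ADDR + '";\n'),
    "clipboard_history.py": (
        "item = pyperclip.paste()\nhistory.append(item)\npyperclip.copy(history[-2])\n"),
    "copy_button.js": "await navigator.clipboard.writeText(shareUrl);\n",
}

def scan_all(samples):
    """Map each sample name to its verdict."""
    return {name: scan_source(src)[0] for name, src in samples.items()}

if __name__ == "__main__":
    for name, verdict in scan_all(SAMPLES).items():
        print(f"{name}: {verdict}")
```

A pattern match like this misses code that resolves clipboard APIs dynamically or assembles the address at runtime, so a hit is a triage signal rather than proof.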
Related Malware campaigns
- In August 2018, the Clipper malware went up for sale on underground hacking sites, having initially been discovered on Windows in 2017.
- ESET research also found that Clipper malware was hosted on download.cnet.com, one of the most widely used software hosting websites worldwide.
- In February 2019, ESET discovered an active Clipper impersonating MetaMask, one of the most popular cryptocurrency wallets, in the Google Play store. ESET security solutions identified the program as Android/Clipper.C. The main goal of the infection is to obtain control over the victim’s Ethereum funds by stealing the victim’s private keys and login credentials. It can also replace a Bitcoin or Ethereum wallet address copied to the clipboard with one belonging to the attacker.