Clipsa malware allows hackers to steal crypto assets

Owners of crypto assets should be on the alert for the Clipsa malware program. This hacking tool has enabled nefarious individuals to steal cryptocurrencies, as well as take administrator credentials and gain access to unsecured WordPress websites. It has also enabled them to replace crypto addresses present in the clipboard on infected machines.

This program has been highly successful at corrupting computers and stealing digital assets. The malware is spread using a malicious executable file that is often embedded in codec packs for media players. Once the computer or other electronic device is infected, the malware can perform several different actions. These include searching for crypto wallet addresses that are present in the user’s clipboard, changing addresses so that digital currencies are sent to bad actors’ wallets instead, and searching for and stealing wallet.dat files. It is also capable of installing a cryptocurrency miner.

The cybersecurity company Avast appears to have been the first to discover this malware strain. They recognized that it was a danger to consumers not only because of its ability to help hackers steal digital currencies, but also because of its power to launch brute force attacks against WordPress sites. While these types of attacks on WordPress sites are rare, they do occur.

“While we cannot say for sure, we believe the bad actors behind Clipsa steal further data from the breached [WordPress] sites,” said Avast malware researcher Jan Rubín.

While the attack on WordPress sites is an interesting feature, the reality is still that this malware is focused on helping hackers to steal cryptocurrencies from users. The malware will first scan a victim’s computer for the wallet.dat file. Once it has found this file, it will then begin the process of stealing the funds from the owner’s wallet. The file is then uploaded to a server, giving the hackers additional information for later use.

Users are encouraged to be more cautious about installing media players. Those being reported as the most likely to contain this malicious codec are Ultra XVid Codec Pack.exe or Installer_x86-x64_89006.exe.

Because Avast was the first to discover this malware, they have already updated their current cybersecurity package to protect against this particular virus, reporting that they have already stopped over 360,000 attacks. Users are encouraged to contact their virus protection company to ensure that the latest update contains protection against this malware program.
