Summary: Binance has issued a warning about an ongoing global threat involving clipper malware that targets cryptocurrency users to facilitate financial fraud. This malware monitors clipboard activity to replace legitimate cryptocurrency wallet addresses with those controlled by attackers, leading to significant financial losses for victims.
Threat Actor: Unknown | clipper malware
Victim: Cryptocurrency users | cryptocurrency users
Key Points:
- Clipper malware, also known as cryware, monitors clipboard activity to steal sensitive data and redirect cryptocurrency transfers.
- Binance reported a spike in clipper malware activity leading to significant financial losses, particularly noted on August 27, 2024.
- The malware is often distributed through unofficial apps and plugins, especially on Android, prompting Binance to advise users against downloading from unverified sources.
- 2023 saw a record $5.6 billion in cryptocurrency fraud losses in the U.S., with investment scams being the most prevalent.
Cryptocurrency exchange Binance is warning of an “ongoing” global threat that’s targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud.
Clipper malware, also called ClipBankers, belongs to a category that Microsoft calls cryware. It monitors a victim’s clipboard activity and steals sensitive data the user copies, and it can replace copied cryptocurrency addresses with ones under an attacker’s control.
In doing so, digital asset transfers initiated on a compromised system are routed to a rogue wallet instead of the intended destination address.
“In clipping and switching, a cryware monitors the contents of a user’s clipboard and uses string search patterns to look for and identify a string resembling a hot wallet address,” Microsoft noted back in 2022. “If the target user pastes or uses CTRL + V into an application window, the cryware replaces the object in the clipboard with the attacker’s address.”
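A defender-side view of the swap described above, as an added example that is not from Binance, Microsoft or the original article: it walks a stream of copy/paste events and flags any paste whose wallet address differs from the one the user last copied. The event format, function names and sample addresses are constructed assumptions, and the patterns check address shape only, not checksums.

```python
import re

# Address shapes to recognise (format check only, no checksum validation).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc_bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def address_kind(text):
    """Return the address type if the whole string looks like an address."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(value):
            return kind
    return None

def find_swaps(events):
    """Flag pastes whose address differs from the last address copied.

    events: list of (action, text) tuples, action is "copy" or "paste".
    This event model is hypothetical; a real source could be a wallet app
    recording what the user copied and what reached the recipient field.
    """
    alerts = []
    copied = None  # (kind, value) of the last copied address, if any
    for index, (action, text) in enumerate(events):
        kind, value = address_kind(text), text.strip()
        if action == "copy":
            copied = (kind, value) if kind else None
        elif action == "paste" and copied and kind and value != copied[1]:
            alerts.append({"event": index, "copied_kind": copied[0],
                           "pasted_kind": kind, "copied": copied[1],
                           "pasted": value})
    return alerts

# Constructed sample: placeholder addresses, not real wallets.
SAMPLE_EVENTS = [
    ("copy", "0x" + "a" * 40),
    ("paste", "0x" + "a" * 40),   # unchanged: no alert
    ("copy", "meeting at 10:00"),
    ("paste", "meeting at 10:00"),  # not an address: ignored
    ("copy", "0x" + "a" * 40),
    ("paste", "0x" + "b" * 40),   # address changed between copy and paste
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print("possible clipboard swap:", alert)
```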
Binance, in an advisory issued on September 13, 2024, said it has been tracking a widespread malware threat that intercepts data stored in the clipboard with an aim to swap out cryptocurrency wallet addresses.
“The issue has seen a notable spike in activity, particularly on August 27, 2024, leading to significant financial losses for affected users,” the exchange said. “The malware is often distributed through unofficial apps and plugins, especially on Android and web apps, but iOS users should also remain vigilant.”
There is evidence to suggest that these malicious apps are inadvertently installed by users when searching for software in their native languages or through unofficial channels, primarily due to restrictions in their countries.
The company also said it’s taking steps to blocklist the attacker addresses to prevent further fraudulent transactions, and that it has notified affected users, advising them to check for signs of suspicious software or plugins.
Besides urging users to refrain from downloading software from unofficial sources, Binance is advising caution when installing apps and plugins and recommends verifying that they are authentic.
Blockchain analytics firm Chainalysis revealed last month that aggregate illicit activity on-chain has dropped by nearly 20% year-to-date, although stolen funds inflows nearly doubled from $857 million to $1.58 billion.
“Scammers for the most part continue to pivot away from broad-based Ponzi schemes to more targeted campaigns like pig butchering, work from home scams, drainers, or address poisoning,” it said, adding it observed a “rise in the use of Chinese language marketplaces and laundering networks.”
According to the U.S. Federal Bureau of Investigation (FBI), 2023 was a record year for cryptocurrency fraud, with total losses exceeding $5.6 billion, a 45% increase compared to the previous year.
“The exploitation of cryptocurrency was most pervasive in investment scams, where losses accounted for almost 71% of all losses related to cryptocurrency. Call center frauds, including tech/customer support scams and government impersonation scams, accounted for about 10% of losses associated to cryptocurrency,” the FBI Internet Crime Complaint Center (IC3) said.
A vast majority of the losses with a cryptocurrency nexus originated from the U.S., followed by Cayman Islands, Mexico, Canada, the U.K., India, Australia, Israel, Germany, and Nigeria.
Source: https://thehackernews.com/2024/09/binance-warns-of-rising-clipper-malware.html