Clipsa, a malware that is well known to the cyber security community, is able to steal
Avast recently discovered a new strain of
“Avast researchers announced this week that the company has protected more than 253,000 users from
“Once on an infected device, Clipsa can perform multiple actions, such as stealing
Anyway, the presence of the
The experts observed Clipsa spreading as a malicious executable file, for example, disguised as codec pack installers for media players.
The ability to launch brute-force attacks is unusual for a password stealer, as explained by Jan Rubín, a malware researcher at Avast.
The campaign appears to be more active in India, where Avast has blocked the largest number of
The higher number of infections was observed in the Philippines and in Brazil. Avast declared that it has protected more than 253,000 users since August 1, 2018.
Experts pointed out that it is rare to detect desktop malware launching brute-force attacks on WordPress sites. They believe the bad actors behind this campaign can steal further data from the hacked websites.
Avast researchers also believe that threat actors could use the compromised WordPress sites as secondary C&C servers to host download links for miners or to upload and store stolen data.
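For WordPress site owners, brute-force attempts launched from many infected desktops can stay below a per-IP limit, so detection has to count failures across sources. The sketch below is an added example, not code from Avast or from the original article, and runs that check over constructed access-log lines. Assumptions: logs are in the common "combined" format, the attempts target the stock `/wp-login.php` form (the article does not name the endpoint), and the thresholds are illustrative.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample access log (combined format, documentation IP ranges).
_FMT = '{} - - [01/Aug/2019:{} +0000] "{} HTTP/1.1" {} 512 "-" "Mozilla/5.0"'
SAMPLE_LOG = "\n".join(_FMT.format(*row) for row in [
    ("203.0.113.5", "10:00:00", "GET /wp-login.php", 200),    # form load, ignored
    ("203.0.113.5", "10:00:05", "POST /wp-login.php", 302),   # successful login
    ("198.51.100.1", "10:01:00", "POST /wp-login.php", 200),
    ("198.51.100.2", "10:01:20", "POST /wp-login.php", 200),
    ("198.51.100.3", "10:01:40", "POST /wp-login.php", 200),
    ("198.51.100.1", "10:02:00", "POST /wp-login.php", 200),
    ("198.51.100.2", "10:02:20", "POST /wp-login.php", 200),
    ("198.51.100.3", "10:02:40", "POST /wp-login.php", 200),
    ("192.0.2.9", "11:30:00", "POST /wp-login.php", 200),     # one mistyped password
])

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def failed_logins(log_text):
    """Yield (time, ip) for each POST to wp-login.php answered with 200.
    Assumption: stock WordPress redirects (302) on success and re-renders the form (200) on failure."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php") and status == "200":
            yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip

def detect_bursts(log_text, window=timedelta(minutes=5), min_failures=6, min_sources=3):
    """Alert when a sliding window holds many failures spread over several source IPs.
    Expects lines in chronological order; thresholds are illustrative."""
    recent, alerts = deque(), []
    for ts, ip in failed_logins(log_text):
        recent.append((ts, ip))
        while ts - recent[0][0] > window:
            recent.popleft()
        sources = sorted({src for _, src in recent})
        if len(recent) >= min_failures and len(sources) >= min_sources:
            alerts.append({"at": ts, "failures": len(recent), "sources": sources})
            recent.clear()   # start a fresh window after alerting
    return alerts

if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_LOG):
        print(alert)
```

On the sample, each source makes only two failed attempts, yet the window as a whole trips the alert; the lone failure at 11:30 does not.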
Clipsa also scans the PC for TXT files containing strings in the BIP-39 format used for storing Bitcoin mnemonic seed recovery phrases.
Is this Clipsa campaign profitable?
Experts at Avast analyzed the balances of 9,412 Bitcoin addresses associated with
Experts speculate that the crooks’ profits could be much greater if we consider funds gained by cracking the stolen wallet.dat files and the mining activity.
Avast published technical details about this campaign, including Indicators of Compromise (IoCs), here.
(SecurityAffairs – Clipsa malware, hacking)