Hackers attack hackers by spreading malware on underground forums

Hackers attack hackers

Information security specialists have found new evidence that hackers often attack their own “colleagues in the trade.” Malware distributed on hacking forums under the guise of cracked RATs and malware builders turned out to steal data from the clipboard.

Malware that steals or replaces data in the clipboard (often called clippers) is usually used to detect the addresses of cryptocurrency wallets in the clipboard in order to replace them with addresses belonging to the malware operator. This tactic allows attackers to immediately intercept financial transactions and send money to their accounts.

The first of these campaigns, run on underground forums such as Russia Black Hat, was spotted by ASEC researchers. The attackers lured novice hackers with cracked versions of the BitRAT and Quasar RAT remote access trojans, which typically sell for between $20 and $100.


Downloading any of the offered files redirects the user to an Anonfiles page serving a RAR archive that is supposedly the builder for the chosen malware. In fact, the crack.exe file contained in these archives is a ClipBanker installer: all it does is copy the malicious binary to the startup folder, from where it is launched on the first reboot.

“ClipBanker is malware that monitors the clipboard of the infected system. If a string for a coin wallet address is copied, the malware changes it to the address designated by the attacker,” ASEC specialists said.


The second report came from Cyble experts, who discovered an offer on a hacking forum for a free month of the AvD Crypto Stealer.

“In one of the scenarios, the malware creator can target other TAs who use the builder for customizing the crypto stealer and their victims. This clipper can do financial theft at a great level, so it becomes necessary to take preventive measures,” Cyble specialists noted.


In this case, too, the victims downloaded what they believed was the malware builder and ran the Payload.exe executable, expecting it to give them free access to the AvD Crypto Stealer. Instead, their systems were infected with clipper malware that targets Ethereum, Binance Smart Chain, Fantom, Polygon, Avalanche, and Arbitrum wallet addresses.

Cyble found that the bitcoin address hardcoded in this malware sample had already received about 1.3 BTC (approximately $54,000 at current exchange rates) through the interception of 422 other people’s transactions.
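The substitution behaviour both reports describe has a simple detection signature: the user copies a wallet address, and moments later the clipboard holds a different address that nobody copied. The script below is an added example, not code from the article or from ASEC or Cyble; it assumes an endpoint agent that records what the user copied and what the clipboard holds at paste time (the sample events are constructed), and uses approximate address-shape regexes without checksum validation. It covers the EVM chains named above (which share one address form) and both Bitcoin address styles.

```python
import re
from typing import Optional

# Approximate address shapes, constructed for this example (no checksum validation).
# Ethereum, Binance Smart Chain, Fantom, Polygon, Avalanche and Arbitrum all use
# the same 0x + 40 hex-digit address form, so one pattern covers them.
ADDRESS_PATTERNS = {
    "evm": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
}

def classify(text: str) -> Optional[str]:
    """Name the address family a clipboard value looks like, or None."""
    text = text.strip()
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return name
    return None

def detect_swap(copied: str, clipboard_now: str) -> Optional[dict]:
    """Flag the clipper signature: an address was copied, and the clipboard now
    holds a different address. A swap to another family is still reported."""
    before, after = copied.strip(), clipboard_now.strip()
    kind = classify(before)
    if kind is None or classify(after) is None or before == after:
        return None
    return {"kind": kind, "copied": before, "replaced_with": after}

# Constructed sample events: (what the user copied, clipboard content at paste time).
# A hypothetical agent would record the first at the copy hotkey, the second just before paste.
SAMPLE_EVENTS = [
    ("meeting notes for Monday", "meeting notes for Monday"),          # benign text
    ("0x" + "12" * 20, "0x" + "12" * 20),                              # address, untouched
    ("0x" + "12" * 20, "0x" + "ab" * 20),                              # EVM address swapped
    ("bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq", "1" + "A" * 33),    # family changed, still a swap
]

def scan_events(events) -> list:
    """Return one finding per event that shows a wallet-address substitution."""
    findings = []
    for copied, now in events:
        finding = detect_swap(copied, now)
        if finding is not None:
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"[!] {f['kind']} address swapped: {f['copied']} -> {f['replaced_with']}")
```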

As a reminder, we previously reported that hackers broke into an FBI mail server and sent fake cyberattack alerts, and that hackers bypass firewalls using a Windows feature.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.
