Fake Proxifier Installer Distributes ClipBanker Crypto Malware via GitHub

Severity: High (Score: 64.5)

Sources: Cybersecuritynews, Gbhackers

Summary

Hackers are exploiting a counterfeit Proxifier installer available on GitHub to deploy ClipBanker malware, which targets cryptocurrency users. This multi-stage malware hijacks clipboard activity to swap cryptocurrency wallet addresses, redirecting funds to the attackers. The attack method involves a trojanized installer that utilizes fileless techniques to evade detection. Users downloading the fake installer are at risk of having their cryptocurrency transactions compromised. The campaign highlights the increasing sophistication of cyber threats targeting digital currency. Currently, there are no specific numbers on affected users or systems, but the potential impact on cryptocurrency transactions is significant. Security professionals are advised to monitor for signs of this malware and educate users about the risks of downloading software from unofficial sources.

Key Points

  • A fake Proxifier installer on GitHub spreads ClipBanker malware targeting cryptocurrency users.
  • The malware hijacks clipboard activity to redirect cryptocurrency transactions to attackers.
  • Users should avoid downloading software from unofficial sources to mitigate risks.

Key Entities

  • Malware (attack_type)
  • Trojan (attack_type)
  • ClipBanker (malware)
  • T1036 - Masquerading (mitre_attack)
  • T1115 - Clipboard Data (mitre_attack)
  • T1195 - Supply Chain Compromise (mitre_attack)
  • GitHub (platform)