Hackers Stole Bitcoin Through Counterfeit Malware

Researchers from ASEC and Cyble discovered on hacker forums offers of free trojans that are aimed at stealing cryptocurrency from aspiring cybercriminals.

The fake payloads turn out to be clippers. They monitor the victim’s clipboard for cryptocurrency addresses and replace them with the attackers’ wallets. The thieves are focused on stealing Bitcoin, Ethereum and Monero.

According to ASEC, on the Russia Black Hat forum the malware masqueraded as cracked versions of BitRAT and Quasar RAT, which are usually sold for between $20 and $100.

After downloading the software, the victim was directed to an Anonfiles page with a RAR archive, allegedly a dropper for the chosen trojan. The file crack.exe contained in the archive actually installed the malicious ClipBanker, which launches automatically after a reboot.

Cyble researchers found a clipper distributed under the guise of a free version of the AvD Crypto Stealer malware builder. The Bitcoin address embedded in this malware variant received 1.3 BTC (about $54,000), capturing 422 transactions.

Earlier this year, experts uncovered a malicious version of the dnSpy debugger that installed hidden miners and trojans on victims’ computers.

Follow ForkLog’s bitcoin news on our Telegram — crypto news, prices and analysis.