A new malware called CryptoClippy is targeting Portuguese users in a malvertising campaign that is using SEO poisoning techniques. The malware is a type of cryware known as clipper malware. This type of malware monitors a victim's clipboard for content that matches cryptocurrency addresses and then substitutes the wallet address with one that is under the control of the threat actor. The scheme is estimated to have netted the operators about $983. It is worth noting that the use of poisoned search results to deliver malware has been adopted by threat actors associated with the GootLoader malware.
top of page
bottom of page