Malware for cryptocurrency theft is spreading on the Internet
Analysts studying computer threats have discovered a new virus called Clipminer. The hackers who created it have earned at least $1.7 million from intercepting cryptocurrency transactions.
Symantec researchers said that this trojan focuses on stealing wallet passphrases and intercepting transactions. Interestingly, as soon as the trojan became known to the general public, hackers began to use it even more actively. Moreover, a widespread network of temporary wallets is used to steal funds: Symantec employees have identified at least 4,375 addresses to which stolen funds were most likely withdrawn before being passed through a mixer.
Clipminer is downloaded to a computer as a WinRAR archive and automatically unpacked to run a file that loads a dynamic-link library (DLL). The DLL creates a new registry key and places itself in the "C:\Windows\Temp" folder under a random name. Its purpose is to monitor the victim's actions and withdraw cryptocurrencies as soon as hackers have the opportunity.