chartingshow / crypto-firewall

🎁 Blocks browser-based crypto mining, cryptojacking, banking and crypto malware, phishing websites and apps, and hackers' command-and-control (C2) servers.
GNU General Public License v3.0

Block a new version of `Keyzetsu`, a clipboard clipper malware used to hijack crypto transfers #487

Closed · summercms closed 2 months ago

summercms commented 2 months ago

Enhancement idea

Description

Threat actors are spreading a new version of the "Keyzetsu" clipboard-hijacking malware and stealing bitcoin payments by abusing GitHub automation tools and fraudulent Visual Studio projects.

The ultimate payload in every instance is a type of malware called Keyzetsu clipboard clipper, which replaces the contents of the Windows clipboard with the attacker's personal information.

Usually, this virus is used to replace the victim's copied cryptocurrency wallet addresses with the attacker's own addresses. This makes it possible for any intended payments to be diverted to wallets controlled by the attackers.

A clipboard clipper, sometimes known as a hijacker, is a type of malware that searches the Windows Clipboard for certain data and replaces it with the attacker's own data when it is found.

Most individuals copy an address from another page, website, or programme because bitcoin addresses are usually lengthy and difficult to remember. In the hopes that the victim won't notice the change, this kind of malware finds the copied address in the clipboard and replaces it with its own.

The money is then transferred to the address controlled by the attacker instead of the intended recipient when the user pastes the address into their wallet to send a bitcoin transaction.

Links

https://checkmarx.com/blog/new-technique-to-trick-developers-detected-in-an-open-source-supply-chain-attack/

IOC

I2P websites

n/a

IPFS websites

n/a

Tor2web websites

n/a

TOR websites

n/a

URLs

n/a

Folders

n/a

Sub-Domains

n/a

Domains

paste.fo
rentry.co
textbin.net

Add to Free DNS blacklists:

keenetic.pro

IPs

188.113.132.109

ASNs

n/a

Emails

n/a

Wallet addresses

n/a

Mining pool addresses

n/a
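The clipper behaviour described in the issue (a copied wallet address silently replaced by a different one) can be caught on the endpoint as well as at the DNS layer. The following is an added example written for this page; it is not code from the crypto-firewall project or from the Checkmarx write-up. It validates clipboard contents as Bitcoin (Base58Check with checksum, bech32/bech32m with checksum) or Ethereum (shape only) addresses, then flags any polling interval in which one valid address became a different valid address of the same coin within a short window, which is how a clipper behaves. Clipboard access is deliberately left out so it runs offline on constructed snapshots; the addresses used are public test vectors (the genesis block address, the Bitcoin wiki address example, the BIP-173 P2WPKH example and a public Ethereum address), and the two-second window is an assumed threshold, not a value from the page.

```python
"""Clipboard-clipper detector (added example, not project code).

A clipper rewrites a copied wallet address with the attacker's address,
usually within milliseconds of the copy.  Polling the clipboard and
flagging a transition from one valid address to a different valid
address of the same coin, inside a very short window, catches that
behaviour.  Snapshots below are constructed; wire in a clipboard reader
(e.g. pyperclip) to run it live.
"""
import hashlib
import re
from typing import List, Optional, Tuple

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
ETH_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")


def _base58check_ok(addr: str) -> bool:
    """Decode a Base58Check string and verify its 4-byte double-SHA256 checksum."""
    n = 0
    for ch in addr:
        digit = B58_ALPHABET.find(ch)
        if digit < 0:
            return False
        n = n * 58 + digit
    leading_zeros = len(addr) - len(addr.lstrip("1"))  # each leading '1' encodes a 0x00 byte
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    raw = b"\x00" * leading_zeros + body
    if len(raw) != 25 or raw[0] not in (0x00, 0x05):  # mainnet P2PKH / P2SH version bytes
        return False
    payload, checksum = raw[:-4], raw[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def _bech32_polymod(values: List[int]) -> int:
    """BIP-173 checksum polynomial."""
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def _bech32_ok(addr: str) -> bool:
    """Verify a bc1... address checksum (BIP-173 bech32 or BIP-350 bech32m)."""
    if addr != addr.lower() and addr != addr.upper():
        return False  # mixed case is invalid by spec
    addr = addr.lower()
    sep = addr.rfind("1")
    if sep < 1 or sep + 7 > len(addr) or not addr.startswith("bc1"):
        return False
    hrp, data = addr[:sep], addr[sep + 1:]
    values = [BECH32_CHARSET.find(c) for c in data]
    if min(values) < 0:
        return False
    hrp_expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    return _bech32_polymod(hrp_expanded + values) in (1, 0x2BC830A3)


def classify_address(text: str) -> Optional[str]:
    """Return 'btc', 'eth' or None; checksums are verified where the format has one."""
    text = text.strip()
    if ETH_RE.match(text):
        return "eth"  # EIP-55 mixed-case checksum is optional, so only the shape is checked
    if text.lower().startswith("bc1") and _bech32_ok(text):
        return "btc"
    if text[:1] in "13" and 26 <= len(text) <= 35 and _base58check_ok(text):
        return "btc"
    return None


def detect_swaps(snapshots: List[Tuple[float, str]], window_s: float = 2.0):
    """Flag consecutive snapshots where a valid address became a different valid
    address of the same coin within `window_s` seconds (assumed threshold).

    snapshots: (unix_time, clipboard_text) in polling order.
    Returns a list of (time, original, replacement, coin) tuples.
    """
    alerts = []
    for (t0, a), (t1, b) in zip(snapshots, snapshots[1:]):
        if a == b:
            continue
        ca, cb = classify_address(a), classify_address(b)
        if ca and ca == cb and (t1 - t0) <= window_s:
            alerts.append((t1, a, b, ca))
    return alerts


if __name__ == "__main__":
    # Constructed sample: the user copies the genesis address, a clipper swaps
    # it 150 ms later; the ETH address copied 30 s on is a benign new copy.
    sample = [
        (1000.00, "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),
        (1000.15, "16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM"),
        (1030.00, "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"),
    ]
    for when, before, after, coin in detect_swaps(sample):
        print(f"[{when:.2f}] possible {coin} clipper: {before} -> {after}")
```

Checksum validation matters because a clipper only substitutes spendable addresses; a regex alone would also fire on random Base58 noise. The timing heuristic has an obvious blind spot: a user who quickly copies two different addresses of the same coin will trigger it, so treat alerts as a prompt to compare what was copied against what is about to be pasted, not as proof of infection.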