Symantec researchers estimate that the operators of the Clipminer botnet have taken in at least $1.7 million, found across 4,375 cryptocurrency wallet addresses, SecurityWeek reports.
First discovered in January 2021, Clipminer is suspected to be a rebranded version of the KryptoCibule cryptomining trojan because of the similarities between the two. According to a Symantec report, the malware not only exploits victims' resources for cryptomining but also alters clipboard content, replacing cryptocurrency wallet addresses.
"On each clipboard update, it scans the clipboard content for wallet addresses, recognizing address formats used by at least a dozen different cryptocurrencies. For the majority of the address formats, the attackers provide multiple replacement wallet addresses to choose from," said Symantec.
The report also showed that nearly 3,700 cryptocurrency wallet addresses were used across three different Bitcoin address formats. Moreover, some attacker-controlled addresses were found to hold nearly 34.4 Bitcoin and 129.9 Ethereum, while some of the other funds have already been moved into cryptocurrency mixing services.
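The clipboard substitution Symantec describes leaves a pattern a defender can look for: an address on the clipboard replaced almost immediately by a different address of the same format. The Python below is an added example, not code from Symantec or from this article; the address patterns, the one-second window and the event format are assumptions, and the sample addresses are constructed.

```python
import re

# Format-only patterns (no checksum validation) for common Bitcoin and
# Ethereum address shapes; assumptions of this example, not from the report.
ADDRESS_FORMATS = {
    "btc-base58": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}
# Assumed threshold: a person rarely copies two different addresses this fast.
SWAP_WINDOW_SECONDS = 1.0


def classify(text):
    """Return the name of the address format the text matches, or None."""
    candidate = text.strip()
    for name, pattern in ADDRESS_FORMATS.items():
        if pattern.match(candidate):
            return name
    return None


def find_suspicious_swaps(events, window=SWAP_WINDOW_SECONDS):
    """Flag an address replaced by a different address of the same format
    within `window` seconds. `events` is time-ordered (timestamp, text)."""
    alerts, prev = [], None
    for ts, text in events:
        fmt = classify(text)
        if prev and fmt and fmt == prev[2] and text.strip() != prev[1].strip() \
                and ts - prev[0] <= window:
            alerts.append({"format": fmt, "copied": prev[1].strip(),
                           "replaced_by": text.strip(), "replaced_at": ts})
        prev = (ts, text, fmt)
    return alerts


# Constructed clipboard history; none of these strings is a real wallet address.
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, "1" + "A" * 33),    # user copies an address
    (10.2, "1" + "B" * 33),    # swapped 0.2 s later: flagged
    (60.0, "0x" + "a" * 40),
    (95.0, "0x" + "b" * 40),   # different address 35 s later: not flagged
    (95.1, "hello"),           # not an address: not flagged
]

if __name__ == "__main__":
    for alert in find_suspicious_swaps(SAMPLE_EVENTS):
        print(alert)
```

The timing heuristic only separates an automated swap from a deliberate second copy; the same comparison can also be made at paste time against the address the user intended.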
Clipminer malware operations yield $1.7M in profits