Hackers used Keona Clipper malware to steal crypto funds from victims

June 30, 2022

A new .NET-based clipper malware, dubbed Keona Clipper, was found being sold on underground marketplaces for $49 per month. It can steal cryptocurrency assets from a victim’s crypto wallet on their computer.

Typically, once launched on a compromised device, clipper malware constantly checks the user’s clipboard for cryptocurrency wallet addresses. When an unaware user copies a wallet address and it appears on the clipboard, the malware replaces the destination address with the attacker’s own so that the transferred funds are directed to them.


Experts have detected more than 90 Keona Clipper malware samples since May, showing wide-scale deployment across the cybercriminal landscape.


Upon execution on a computer, Keona Clipper communicates with its operators’ C2 server through a Telegram API. Additionally, even if the unsuspecting user restarts their device, the clipper malware always executes itself again to continue its attacks.

To ensure persistence inside the compromised machine, Keona Clipper creates copies of itself in different locations, such as the computer’s startup folder and admin tools. Afterwards, the clipper observes the user’s activities, especially on the clipboard, to check whether the user has pasted a crypto wallet destination address for a fund transfer transaction.

A wide list of cryptocurrency coins could be stolen by the Keona Clipper operators, including BTC, ETH, XRP, DOGE, USDT, BCH, XMR, XLM, LTC, ZCASH, BNB, DASH, ADA, and NEC.

Active cryptocurrency traders are the most prone to attacks by clipper malware strains. Thus, all users are advised to frequently check their transaction tabs for any suspicious transactions. Furthermore, confirming that a transaction’s destination wallet address is correct before a fund transfer is important to avoid sending funds to fraudulent hands, especially if the computer has been infected with clipper malware.

Experts also recommend that users’ private keys and crypto wallet seeds be stored in separate storage or physical hardware wallets encrypted with strong passcodes. In every crypto-related activity, an AV solution must always be active to help detect suspicious activities on a computer. Based on previous studies on clipper malware infections, most users were victimised through phishing; hence, crypto traders must be aware of these threats to protect themselves.

Keeping your computers updated and patched is also a highly recommended measure against threats posed by any form of cyberattack.
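The clipboard swap and the advice to confirm the destination address can be turned into a simple check. The following Python sketch is an added example, not code from Keona Clipper or from the researchers; the function names, the 2-second window, the simplified address patterns and the sample events are all assumptions constructed for illustration.

```python
import re

# Simplified shape checks only (assumption): no checksum validation.
PATTERNS = {
    "BTC": re.compile(r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "DOGE": re.compile(r"^D[1-9A-HJ-NP-Za-km-z]{33}$"),
    "XRP": re.compile(r"^r[1-9A-HJ-NP-Za-km-z]{24,34}$"),
}

def coin_family(text):
    """Return the coin whose address shape the text matches, else None."""
    text = text.strip()
    for coin, pattern in PATTERNS.items():
        if pattern.match(text):
            return coin
    return None

def find_swaps(events, window=2.0):
    """Flag an address replaced by a different address of the same coin
    within `window` seconds. events: time-ordered (seconds, clipboard_text)."""
    alerts, prev = [], None
    for ts, text in events:
        value, coin = text.strip(), coin_family(text)
        if (prev and coin and prev[1] == coin and prev[2] != value
                and ts - prev[0] <= window):
            alerts.append((ts, coin, prev[2], value))
        prev = (ts, coin, value)
    return alerts

def destination_ok(intended, pasted):
    """Full-string comparison of the address the user meant to send to."""
    return intended.strip() == pasted.strip()

# Constructed sample values, not real wallets or indicators.
ETH_A, ETH_B = "0x" + "a" * 40, "0x" + "b" * 40
BTC_A, BTC_B = "1" + "A" * 33, "1" + "B" * 33
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, ETH_A), (10.3, ETH_B),    # swapped 0.3 s after the copy: flagged
    (40.0, BTC_A), (95.0, BTC_B),    # user copied another address later: ignored
    (120.0, ETH_A), (120.2, "hello"),  # replaced by ordinary text: ignored
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print("possible clipper swap:", alert)
    print("paste matches intent:", destination_ok(ETH_A, ETH_B))
```

The time window is a heuristic: a person rarely copies two different addresses for the same coin within a couple of seconds, whereas an automated replacement happens almost immediately after the copy.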
