Clipper malware used by threat actors to swap IBAN accounts

August 12, 2022

Threat actors are conducting a fraud campaign that takes advantage of the complex structure of the International Bank Account Number (IBAN) numbering system. Reports reveal that the hackers use IBAN clipper malware to replace legitimate IBANs with attacker-controlled ones.

A couple of months ago, a researcher monitored a group of threat actors on a cybercrime forum who were advertising monthly subscription-based clipper malware services targeting the Windows operating system.

Based on the analysis, the attackers could alter the IBAN held in a victim’s clipboard from a command-and-control panel, hijacking a financial transaction in progress on the target’s system. The threat actors also offered malware to target IBANs in Single Euro Payments Area (SEPA) registered nations.

The IBAN swap malware was first uncovered targeting the financial sector nearly a decade ago. Since then, the threat has evolved to become more potent and more elusive, bypassing several cybersecurity solutions.

The IBAN clipper malware can infiltrate its victim’s system through various methods.

Based on reports, the IBAN clipper malware can reach a victim’s network through intrusion tactics such as phishing emails, malicious attachments, malicious URLs, or compromised software downloaded from the web or third-party sources.

Researchers also shared a proof-of-concept (PoC) video of its operation on an infected device. According to the video, after installation the clipper malware runs a multi-step process to swap the victim’s IBAN with the threat actor’s account number, allowing the threat actors to efficiently redirect the transaction to their own account.
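A swapped IBAN is itself a well-formed IBAN, so the ISO 13616 checksum alone will not catch the substitution; the value that arrives has to be compared with the value that was copied. The following is an added example, not code from the original article or the researchers: it assumes a payment application can see both the copied text and the text about to be submitted, and the function names and sample IBANs (the widely published GB and DE documentation examples) are chosen here for illustration.

```python
import re

def normalize(text):
    """Strip whitespace and uppercase, the form in which IBANs are compared."""
    return re.sub(r"\s+", "", text).upper()

def is_valid_iban(text):
    """ISO 13616 check: move the first 4 chars to the end, map A-Z to 10-35,
    and require the resulting integer mod 97 to equal 1."""
    iban = normalize(text)
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", iban):
        return False
    rearranged = iban[4:] + iban[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1

def check_paste(copied, pasted):
    """Classify a copy/paste pair (hypothetical helper).

    'not_iban' - the copied text was not an IBAN, nothing to protect
    'ok'       - same IBAN arrived (spacing and case ignored)
    'swapped'  - a different but valid IBAN arrived: the clipper symptom
    'altered'  - the value changed into something that is not a valid IBAN
    """
    if not is_valid_iban(copied):
        return "not_iban"
    if normalize(copied) == normalize(pasted):
        return "ok"
    return "swapped" if is_valid_iban(pasted) else "altered"

if __name__ == "__main__":
    # Constructed sample pair using published documentation IBANs.
    invoice_iban = "GB82 WEST 1234 5698 7654 32"
    arrived_iban = "DE89 3704 0044 0532 0130 00"
    print(check_paste(invoice_iban, arrived_iban))
```

A 'swapped' result is the case to block and escalate, since both values pass the checksum and only the comparison reveals the change.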

This newly emerged threat campaign has been focusing on the financial sector, which has become a very lucrative source of money for any threat actor using the same tactic. Hence, threat actors improve their TTPs and constantly update their malware to avoid antivirus tools.

Furthermore, these clippers play a significant role in increasing the number of financial frauds globally. Organisations should adequately train their employees about these current threats in the cybercriminal landscape.
