More than $400,000 in cryptocurrencies have been stolen with this malware

Key facts:
  • With this malware, 15,000 people have been attacked in at least 52 countries around the world.
  • The figure stolen by hackers could be “much higher” than estimated.

A report by the analysis and security firm Kaspersky indicates that hackers have stolen some $400,000 in cryptocurrencies so far in 2023. To do this, they have used the Clipper malware, which tampers with the contents of a computer's clipboard.

As indicated in a press release, researchers from that analysis firm determined that more than 15,000 people in 52 countries around the world have been affected by these attacks.  

As they explained, the malware behind the thefts is distributed as a counterfeit version of the Tor browser, which is commonly used to access the dark web and where many users carry out transactions with crypto assets because of the privacy it offers.

This type of virus, known as Clipper, allows cybercriminals to ‘hack’ a computer’s clipboard when it detects that a cryptocurrency wallet address has been copied. The goal is simple: replace one part of the copied address and introduce another, which leads to the hackers’ coffers.

According to the security firm Kaspersky, the stolen cryptocurrencies include bitcoin (BTC), ether (ETH), litecoin (LTC), dogecoin (DOGE) and monero (XMR). It adds that most of the thefts were carried out in Russia, where users often download the fake version of the Tor browser, which is officially blocked in the Eurasian country.

However, other countries also stood out among those most affected by these attacks. They include Germany, the United States, Uzbekistan, Belarus, China, the Netherlands, the United Kingdom and France. But, says the firm, it is possible that the actual number of those affected “is much higher than estimated.”

The same applies to the amount stolen as calculated by Kaspersky. As they suggest, the actual amount stolen by cybercriminals “could be much higher.” That is because these estimates cover only the Clipper malware distributed through a fake Tor browser.

According to Vitaly Kamluk, who heads the research and analysis unit for the Asia Pacific region at Kaspersky, the counterfeiting of the Tor browser “represents a greater danger than it seems.”  

“Not just because it creates irreversible money transfers. But because it also makes it more difficult for a regular user to detect,” Kamluk said. He added that most malware needs a communication channel between the operators and victims. 

Clipper malware has been circulating in the cryptocurrency community for some time, with 2019 being the year it began to be used to attack victims. In 2022, CriptoNoticias reported that this virus had positioned itself as one of the biggest threats for stealing people’s bitcoins.

How to avoid being a victim of Clipper malware? 

As the security and analysis firm points out, there are ways to avoid falling victim to malware that substitutes wallet addresses on clipboards.  

One of them is to download programs and software only from trusted sources, avoiding third-party sites. “Always verify the authenticity of the software before downloading it,” Kaspersky recommends.

They also urge users to keep software updated, because this makes it harder for hackers to access and exploit known vulnerabilities. They also recommend being careful with links and attachments in emails, which can also carry malware.

Finally, they urge users to verify digital signatures before downloading programs, to confirm that the software is authentic and has not been altered.
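
The clipboard substitution described earlier can also be spotted from the defender's side: one wallet address being replaced by a different address of the same type faster than a person could copy a second one. The following Python is an added example, not code from Kaspersky or from the original article; the address patterns, the one-second threshold, the function names and the sample data are assumptions constructed for illustration.

```python
import re

# Address shapes for the coins named in the article. Assumption: these patterns
# match format only and do not verify checksums.
B58 = "[1-9A-HJ-NP-Za-km-z]"
B32 = "[ac-hj-np-z02-9]"
ADDRESS_PATTERNS = {
    "BTC": re.compile(rf"(?:bc1{B32}{{11,71}}|[13]{B58}{{25,34}})"),
    "ETH": re.compile(r"0x[0-9a-fA-F]{40}"),
    "LTC": re.compile(rf"(?:ltc1{B32}{{11,71}}|[LM]{B58}{{26,33}})"),
    "DOGE": re.compile(rf"D{B58}{{33}}"),
    "XMR": re.compile(rf"[48]{B58}{{94}}"),
}

def classify(text):
    """Return the coin whose address format the whole string matches, else None."""
    candidate = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return coin
    return None

def find_substitutions(snapshots, max_gap=1.0):
    """Flag clipboard changes where an address is replaced by a different
    address of the same coin within max_gap seconds.

    snapshots: list of (timestamp_seconds, clipboard_text), oldest first.
    """
    alerts = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        coin = classify(before)
        same_coin = coin is not None and coin == classify(after)
        changed = before.strip() != after.strip()
        if same_coin and changed and (t1 - t0) <= max_gap:
            alerts.append({"coin": coin, "copied": before.strip(),
                           "replaced_by": after.strip()})
    return alerts

# Constructed sample data: made-up strings that only have the right shape.
SAMPLE = [
    (0.00, "meeting notes"),
    (5.20, "0x" + "a1" * 20),   # user copies an ETH-shaped address
    (5.35, "0x" + "b2" * 20),   # a different ETH-shaped address 150 ms later
    (60.0, "1" + "A" * 30),     # user copies a BTC-shaped address
    (95.0, "1" + "B" * 30),     # another one 35 s later: normal behaviour
]

if __name__ == "__main__":
    for alert in find_substitutions(SAMPLE):
        print(alert)
```

The snapshots would come from whatever clipboard polling or endpoint telemetry is available; a user who genuinely copies two addresses in quick succession produces a false positive, so an alert is a prompt to compare the pasted address with its source.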