As of June 13, attackers used malware to steal $19 000 worth of digital assets

Trojan for stealing cryptocurrencies found in pirated versions of Windows 10

15.06.2023 - 10:30


What’s new? Experts at Dr.Web reported a Trojan stealing cryptocurrencies. The stealer malware Trojan.Clipper.231, which was distributed by criminals via one of the torrent trackers, was found in unofficial builds of the Windows 10 operating system. Experts warned that the Trojan, written in C++, replaces cryptocurrency wallet addresses in the clipboard with fraudulent ones. As of June 13, $19 000 in digital assets was stolen with it.

Information on the Dr.Web website
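
The clipboard substitution described above can be spotted from a clipboard history. The following is an added defensive example, not code from Dr.Web or from this article: it flags a wallet address that is replaced by a different address of the same kind shortly after being copied. The function names, the 2-second window and the sample addresses are assumptions made for illustration.

```python
import re

# Address *shapes* only (no checksum validation), enough to spot a replacement.
PATTERNS = {
    "ETH": re.compile(r"0x[0-9a-fA-F]{40}"),
    "BTC": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"      # Base58 (legacy, P2SH)
                      r"|bc1[ac-hj-np-z02-9]{11,71}"),         # Bech32 (SegWit)
}

def classify(text):
    """Return 'BTC' or 'ETH' when the whole clipboard text looks like an address."""
    for coin, pattern in PATTERNS.items():
        if pattern.fullmatch(text.strip()):
            return coin
    return None

def normalise(coin, text):
    """ETH hex is case-insensitive apart from its checksum casing; BTC is not."""
    text = text.strip()
    return text.lower() if coin == "ETH" else text

def find_swaps(observations, window=2.0):
    """Flag address A -> different address B of the same coin within `window` s.
    observations: (timestamp_seconds, clipboard_text) tuples, oldest first.
    The 2-second window is an assumed heuristic, not a value from the report.
    """
    alerts = []
    for (t0, before), (t1, after) in zip(observations, observations[1:]):
        coin = classify(before)
        if coin is None or classify(after) != coin or t1 - t0 > window:
            continue
        if normalise(coin, before) != normalise(coin, after):
            alerts.append({"coin": coin, "copied": before.strip(),
                           "replaced_by": after.strip()})
    return alerts

# Constructed placeholder addresses and clipboard history (not real wallets).
ETH_A, ETH_B = "0x" + "a" * 40, "0x" + "b" * 40
BTC_A, BTC_B = "1" + "A" * 30, "bc1" + "q" * 39
SAMPLE = [
    (0.0, "meeting notes"),
    (5.0, ETH_A), (5.3, ETH_B),          # replaced 0.3 s after the copy: alert
    (60.0, BTC_A), (200.0, BTC_B),       # user copied another address later
    (300.0, ETH_A), (300.5, ETH_A.replace("a", "A")),  # same address, new casing
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print("possible clipper substitution:", alert)
```

The same comparison works as a pre-send check: compare the address in the payment field with the one that was originally copied before confirming a transfer.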

What else is known about the Trojan? The first case of Trojan.Clipper.231 infection was reported to specialists by their client in May. Experts analyzed the operating system and found the stealer malware as well as Trojan.MulDrop22.7578 and Trojan.Inject4.57873, which launched it. The Dr.Web team successfully detected and neutralized these threats.

Experts found that the Windows 10 build was pirated and that the malware had already been embedded in it when it was downloaded from a torrent tracker. The following infected OS builds have been identified:

  • Windows 10 Pro 22H2 19045.2728 + Office 2021 x64 by BoJlIIIebnik RU.iso;
  • Windows 10 Pro 22H2 19045.2846 + Office 2021 x64 by BoJlIIIebnik RU.iso;
  • Windows 10 Pro 22H2 19045.2846 x64 by BoJlIIIebnik RU.iso;
  • Windows 10 Pro 22H2 19045.2913 + Office 2021 x64 by BoJlIIIebnik [RU, EN].iso;
  • Windows 10 Pro 22H2 19045.2913 x64 by BoJlIIIebnik [RU, EN].iso.

According to experts, even though all the builds were available for download on one of the torrent trackers, it cannot be excluded that criminals use other sites to distribute infected system images.

Dr.Web analysts estimated that, as of June 13, cybercriminals had used Trojan.Clipper.231 to steal 0,73406362 BTC and 0,07964773 ETH, which is approximately equivalent to $18 976,29.

In March, Kaspersky Lab experts warned about the spread of a Trojan in a fake Tor browser, which affected about 16 000 cryptocurrency users from 52 countries; the total damage in 2023 alone exceeded $400 000.
