I just thought to share this to everyone, I saw this in our local boards here:
[MALWARE] Crypto Stealing Malware Clipsa Targeted Computers in the Philippines by
rosezionjohnReport says that the malicious malware has stolen around 3
BTC not that big but the thing is that it can continue to infect a lot of pc's around the world and the number could grow in months.
What makes this scary is that this malware targeted crypto wallets. As per this blog post by Avast:
High level overview
Clipsa is a multipurpose password stealer, written in Visual Basic, focusing on stealing cryptocurrencies, brute-forcing and stealing administrator credentials from unsecured WordPress websites, replacing crypto-addresses present in a clipboard, and mining cryptocurrencies on infected machines. Several versions of Clipsa also deploy an XMRig coinminer to make even more money from infected computers.
Clipsa spreads as a malicious executable file, likely disguised as codec pack installers for media players. Once on an infected device, Clipsa can perform multiple actions, such as searching for cryptowallet addresses present in victims’ clipboards to then replace the addresses victims want to send money to with wallet addresses owned by the bad actors behind Clipsa. Furthermore, Clipsa is capable of searching for and stealing wallet.dat files, and installing a cryptocurrency miner.
Additionally, Clipsa uses infected PCs to crawl the internet for vulnerable WordPress sites. Once it finds a vulnerable site, it attempts to brute-force its way into the site, sending the valid login credentials to Clipsa’s C&C servers. While we cannot say for sure, we believe the bad actors behind Clipsa steal further data from the breached sites. We also suspect they use the infected sites as secondary C&C servers to host download links for miners, or to upload and store stolen data.
You can read all the details here:
https://decoded.avast.io/janrubin/clipsa-multipurpose-password-stealer/Again, we need to be safe and be careful as we don't want to be the next victim here.
I also did saw removal guide
here, but I'm not certain how effective it is.
