A new strain of malware called XPhase Clipper has been found to be targeting cryptocurrency users through deceptive websites. The cybersecurity experts at Cyble Research and Intelligence Labs (CRIL) have reported this concerning trend and highlighted how the malware operates. It poses a serious threat to cryptocurrency users by stealing sensitive information, particularly cryptocurrency wallet addresses, from the clipboard.
The XPhase Clipper malware campaign is specifically targeting cryptocurrency users worldwide, with a focus on Indian cryptocurrency enthusiasts. The threat actors behind the campaign are using deceptive tactics to spread the malware, including phishing sites impersonating reputable platforms such as Metamask and Wazirx.
The malware is spread through a zip file containing an array of malicious components, ultimately leading to the execution of the clipper payload in the form of a DLL file. Tactics such as obfuscation and the deployment of deceptive error messages are used to hide the malware’s operations and evade detection.
It is important for cryptocurrency users to be vigilant and cautious when interacting with platforms and downloading files. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
