Doctor Web has discovered a malicious clipper program in a number of unofficial Windows 10 builds that cybercriminals have been distributing via a torrent tracker. Dubbed Trojan.Clipper.231, this trojan app substitutes crypto wallet addresses in the clipboard with addresses provided by attackers. As of this moment, malicious actors have managed to steal cryptocurrency in an amount equivalent to about $19,000 US.

At the end of May 2023, a customer contacted Doctor Web with their suspicion that their Windows 10 computer was infected. The analysis our specialists carried out confirmed the presence of trojan applications in the system. These were the Trojan.Clipper.231 stealer malware as well as the Trojan.MulDrop22.7578 dropper and the Trojan.Inject4.57873 injector, which were used to launch the clipper. Doctor Web's virus laboratory successfully localized all these threats and neutralized them.

At the same time, it was discovered that the targeted operating system was an unofficial build and the malicious apps were built into it from the beginning. The following investigation revealed several such infected Windows builds, distributed as ISO images. All of them were available for download on one of the torrent trackers, but it is possible that malicious actors are also using other sites to distribute infected system ISO images.

The malicious apps in these builds are located in the system directory:

- \Windows\Installer\iscsicli.exe (Trojan.MulDrop22.7578)
- \Windows\Installer\recovery.exe (Trojan.Inject4.57873)

The clipper malware initialization occurs in several stages. In the first stage, the Trojan.MulDrop22.7578 malicious program is launched via the system Task Scheduler:

%SystemDrive%\Windows\Installer\iscsicli.exe

This dropper's task is to mount an EFI system partition to the M:\ drive and copy two other malicious components onto it, after which it is to delete the original trojan files from the C:\ drive, launch Trojan.Inject4.57873, and then unmount the EFI partition. In turn, Trojan.Inject4.57873 uses the Process Hollowing technique to inject Trojan.Clipper.231 into the %WINDIR%\System32\Lsaiso.exe system process. After that, the clipper operates in the context of this process.
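The following PowerShell script is an added hunting example, not part of the Doctor Web report or its tooling: it checks a Windows host for the persistence and file-system indicators the report describes (the Installer-directory files, a scheduled task launching from that directory, and an EFI system partition left mounted under a drive letter). The file paths and detection names come from the report; the function name and the output object shape are assumptions of this example.

```powershell
# Added example (not the report's code): hunt for the indicators described in the
# Trojan.Clipper.231 report. Run from an elevated PowerShell session on Windows 10.
function Get-ClipperIndicators {
    # Paths and detection names as given in the report. A legitimate iscsicli.exe lives
    # in System32, so a copy under \Windows\Installer is suspicious on its own.
    $indicatorFiles = @(
        @{ Path = Join-Path $env:SystemDrive 'Windows\Installer\iscsicli.exe'; Name = 'Trojan.MulDrop22.7578 (dropper)' },
        @{ Path = Join-Path $env:SystemDrive 'Windows\Installer\recovery.exe'; Name = 'Trojan.Inject4.57873 (injector)' }
    )
    $findings = @()

    # 1. Files planted in the Installer directory.
    foreach ($f in $indicatorFiles) {
        if (Test-Path -LiteralPath $f.Path -PathType Leaf) {
            $item = Get-Item -LiteralPath $f.Path
            $findings += [pscustomobject]@{
                Check  = 'File'
                Detail = "$($f.Path) [$($f.Name)] size=$($item.Length) written=$($item.LastWriteTime)"
            }
        }
    }

    # 2. Scheduled tasks whose action launches anything out of \Windows\Installer.
    #    The report says the dropper is started by the Task Scheduler from that location.
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)"
            if ($cmd -match '\\Windows\\Installer\\') {
                $findings += [pscustomobject]@{
                    Check  = 'ScheduledTask'
                    Detail = "$($task.TaskPath)$($task.TaskName) -> $cmd"
                }
            }
        }
    }

    # 3. The dropper mounts the EFI system partition (as M:\) while it works. On a normal
    #    installation the ESP has no drive letter, so one being assigned deserves a look.
    foreach ($p in Get-Partition -ErrorAction SilentlyContinue) {
        if ($p.IsSystem -and ($p.DriveLetter -match '[A-Z]')) {
            $findings += [pscustomobject]@{
                Check  = 'EfiPartitionMounted'
                Detail = "Disk $($p.DiskNumber) partition $($p.PartitionNumber) mounted as $($p.DriveLetter):"
            }
        }
    }
    return $findings
}

Get-ClipperIndicators | Format-Table -AutoSize
```

An empty result only means these specific artifacts are absent: the clipper itself runs hollowed inside the legitimate Lsaiso.exe process, which this script does not inspect, so a memory-level check of that process is still needed to rule out the infection.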