Meet Clipsa: The New Cryptocurrencies Malware

Clipsa is one of the most sophisticated pieces of cryptocurrency and financial malware out there. This malicious software is capable of stealing/replacing cryptocurrency keys, wallet.dat files, stealing bank account credentials, social security numbers and installing a CPU cryptocurrency miner XMRig in victims’ PCs.

Clipsa is one of the most sophisticated pieces of cryptocurrency malware out there. This malicious software is capable of stealing/replacing cryptocurrency keys, wallet.dat files, stealing locally saved passwords, social security numbers and installing a CPU cryptocurrency miner XMRig in victims’ PCs. Clipsa is also cable of launching bruteforce attacks against poorly configured wordpress websites.

Clipsa steals cryptocurrency by using information which is stored on a clipboard of the infected system. It simply replaces cryptocurrency wallet addresses that are saved in the clipboard with other addresses that are owned by people who spread the Clipsa password stealer. It aslo searches for cryptocurrency wallets “wallet.dat” fies and send it to the bad actors behind Clipsa.

According to a recent Avast anti-virus report, Clipsa highest infection rate is in India, Brazil and Philipines.

Because Clipsa installs XMRig CPU miner,PCs that are infected with Clipsa start working slower or do not respond at all. Having a miner installed on the operating system might also cause hardware overheat, unexpected system crashes and other problems. Typically, infected computers consume more power which leads to higher electricity bills.

Clipsa targets Windows based PCs and it’s being distrubuted through malicious codec pack installers for media players (Ultra XVid Codec Pack.exe or Installer_x86-x64_89006.exe).