Security experts have discovered a new example of hackers targeting hackers using clipboard stealers masked as cracked RATs and malware building tools. Clipboard stealers are popular malware that monitors a victim’s clipboard material for cryptocurrency wallet addresses and replaces them with those related to the malware operator. It lets attackers hijack bank operations in real-time and move funds to their accounts. These cybercriminals target famous cryptocurrencies, like Bitcoin, Ethereum, and Monero.
ASEC researchers discovered phony clipboard stealer offers on hacker sites such as ‘Russian Hackers.’ Cracked versions of BitRAT and Quasar RAT, both commodity malware with a price tag of $20-$100, were used to entice potential hackers. Those who try to download any of the available files are routed to an Anonfiles page, which downloads a RAR package that is apparently a malware generator. The “crack.exe” file in these archives is a ClipBanker installer that copies the malicious binary to the startup folder and runs it on the first boot.
Another report on phony stealers comes from Cyble, whose investigators discovered an offer for a free month of AvD Crypto Stealer on a cybercrime forum. The victims in this case also download what is ostensibly a malware constructor and run an application entitled ‘Payload.exe,’ expecting that this will allow them free access to the crypto stealer. This activity infects their system with a clipper that targets Ethereum, Fantom, Avalanche, Polygon, Binance Smart Chain, and Arbitrum. Cyble discovered that the Bitcoin address hardcoded on this variation sample received 1.3 BTC (around $54,000) by intercepting 422 transactions.
While it is common for hackers to target ordinary users, it is not uncommon to find hackers attempting to trick fellow hackers with some success. Inexperienced or irresponsible threat actors frequently take advantage of free malware they locate on obscure or poorly monitored websites and install it without hesitation on their PCs. These victims may have bitcoin earned due to several malicious activities. Even though these initiatives do not address any of the fundamental issues that ordinary internet users face, they are yet another reason why being involved in cybercrime is a terrible decision.
