Clipminer Botnet Makes Operators at Least $1.7 Million

Symantec’s Threat Hunter Team, part of Broadcom Software, has uncovered a cyber-criminal operation that has potentially earned its operators at least $1.7 million in illicit gains, combining cryptocurrency mining with theft of cryptocurrency via clipboard hijacking.

The malware being used, tracked by Symantec as Trojan.Clipminer, has a number of similarities to another crypto-mining Trojan called KryptoCibule, suggesting it may be a copycat or evolution of that threat.

Clipminer is likely spread via Trojanized downloads of cracked or pirated software. It arrives on a compromised computer as a self-extracting WinRAR archive that drops and executes a downloader: a packed portable executable (PE) DLL given a .cpl file extension, although it does not follow the Control Panel applet (CPL) format that the extension implies. The dropped file connects to the Tor network to download Clipminer’s components.
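The detail worth acting on here is the mismatch between the .cpl extension and the file's actual format. A genuine Control Panel applet is a DLL that exports the entry point CPlApplet, so a .cpl file that is either not a PE or carries no such export is worth a second look. The following is an added triage example written for this page, not code from Symantec or from the Clipminer analysis; it parses the MZ/PE headers to confirm the file is a DLL and uses a plain substring scan for the CPlApplet export name as a cheap heuristic (a fuller check would walk the export directory). The sample file names and byte strings are constructed for the example and are not real artifacts.

```python
import struct

# COFF Characteristics flags (PE/COFF specification).
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000


def pe_characteristics(data: bytes):
    """Return the COFF Characteristics word of a PE image, or None if
    data does not carry a valid MZ/PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Need the 4-byte signature plus the 20-byte COFF header.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # Characteristics is the last 2-byte field of the COFF header.
    return struct.unpack_from("<H", data, e_lfanew + 4 + 18)[0]


def triage_cpl(filename: str, data: bytes) -> dict:
    """Flag .cpl files that are not really Control Panel applets.

    A genuine applet is a DLL that exports CPlApplet; the export name is a
    plain ASCII string in the export table, so a substring scan is used here
    as a heuristic (a full triage would parse the export directory)."""
    result = {"file": filename, "is_pe": False, "is_dll": False,
              "has_cplapplet": False, "verdict": "skipped: not a .cpl file"}
    if not filename.lower().endswith(".cpl"):
        return result
    chars = pe_characteristics(data)
    if chars is None:
        result["verdict"] = "suspicious: .cpl without a valid PE header"
        return result
    result["is_pe"] = True
    result["is_dll"] = bool(chars & IMAGE_FILE_DLL)
    result["has_cplapplet"] = b"CPlApplet" in data
    if result["is_dll"] and result["has_cplapplet"]:
        result["verdict"] = "plausible Control Panel applet"
    else:
        result["verdict"] = "suspicious: .cpl that does not follow the CPL format"
    return result


def build_fake_pe(characteristics: int, body: bytes = b"") -> bytes:
    """Construct a minimal PE-shaped byte string (headers only, not loadable)
    so the triage can be exercised offline. Constructed test data."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0xF0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff + body


# Constructed samples (hypothetical names): a real-looking applet, a packed
# DLL masquerading as an applet, and a .cpl that is not a PE at all.
SAMPLES = {
    "applet.cpl": build_fake_pe(IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_DLL,
                                b".text\0\0\0CPlApplet\0"),
    "dropper.cpl": build_fake_pe(IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_DLL,
                                 b"UPX0\0\0\0\0packed stub, no applet export"),
    "notpe.cpl": b"Rar!\x1a\x07\x01\x00 not a PE image",
}


def triage_all(samples: dict = SAMPLES) -> dict:
    """Run the triage over every sample and return the results by file name."""
    return {name: triage_cpl(name, blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, r in triage_all().items():
        print(f"{name:12} pe={r['is_pe']!s:5} dll={r['is_dll']!s:5} "
              f"CPlApplet={r['has_cplapplet']!s:5} -> {r['verdict']}")
```

The substring heuristic errs on the side of noise: a malicious DLL can simply include the string to pass, and a correct answer requires resolving the export directory through the section table. It is enough, though, to surface the class of file this article describes, a .cpl that is a PE DLL with no applet entry point, for manual review.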

Source: Symantec