Microsoft discovers new lightweight backdoor that steals cryptocurrency

Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency credentials, which it then sends to attacker-controlled servers.

The company named the worm Crypto Clipper because it monitors the contents of device clipboards for patterns consistent with wallet addresses or seed phrases. When found, the malware also takes five screenshots over a 10-second period. Both the credentials and the screenshots are then sent to the attacker through Tor, a network protocol that provides anonymous routing by sending traffic through redundant nodes so logs can’t capture both the sending and receiving IP addresses. Crypto Clipper establishes the Tor connection by using a SOCKS5 proxy, a network protocol that sends traffic through a proxy server, which then forwards it to its final destination.

A lightweight backdoor

“The execution of this clipper is notable because it does not depend on a traditional installer or exposed IP-based C2 infrastructure,” Microsoft said Thursday. “Instead, it deploys a portable Tor client, routes traffic through a local SOCKS5 proxy, and blends data theft with remote code execution, turning a financially motivated stealer into a lightweight backdoor.”

Android verification is coming: Google confirms timeline and supported app stores

Almost 20 years ago, Google pitched Android as the more open alternative to Apple's walled garden. Last year, Google announced it would begin erecting its own walls through developer verification. The company has issued an update on its plans, affirming that the verification system will begin rolling out in select countries later this year. We're also learning which app stores are participating in verification and the timeline for key features like the recently revealed "advanced flow" for bypassing verification.

Google has claimed that developer verification is a necessary change to smartphone software distribution, pointing to the increased prevalence of scams that trick Android users into installing malware apps. Google's solution requires verifying the identities of developers outside the Play Store just like it does for devs publishing on its platform. This has proven to be a contentious change for myriad reasons.

In the new blog post, Google's Matthew Forsythe confirms that the developer verification system is slated to come online on September 30 of this year. The initial deployment will be limited to countries with a high level of app scams: Brazil, Indonesia, Singapore, and Thailand.
