Microsoft discovers new lightweight backdoor that steals cryptocurrency
Summary
Microsoft has discovered a new self-propagating malware, "Crypto Clipper", which spreads through USB drives and specifically steals cryptocurrency wallet addresses and seed phrases. The worm monitors the device clipboard and, when it finds a matching pattern, takes five screenshots within 10 seconds and sends the credentials and screenshots over the Tor network protocol to attacker-controlled servers. Microsoft notes that the malware does not rely on a traditional installer or IP-based C2 infrastructure; instead it deploys a portable Tor client and, through a local SOCK
Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency credentials, which it then sends to attacker-controlled servers.
The company named the worm Crypto Clipper because it monitors the contents of device clipboards for patterns consistent with wallet addresses or seed phrases. When found, the malware also takes five screenshots over a 10-second period. Both the credentials and the screenshots are then sent to the attacker through Tor, a network protocol that provides anonymous routing by passing traffic through a series of relays so that no single node, and no single node's logs, sees both the sending and receiving IP addresses. Crypto Clipper establishes the Tor connection by using a SOCKS5 proxy, a network protocol that sends traffic through a proxy server, which then forwards it to its final destination.
A lightweight backdoor
“The execution of this clipper is notable because it does not depend on a traditional installer or exposed IP-based C2 infrastructure,” Microsoft said Thursday. “Instead, it deploys a portable Tor client, routes traffic through a local SOCKS5 proxy, and blends data theft with remote code execution, turning a financially motivated stealer into a lightweight backdoor.”
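To make the local-SOCKS5-to-Tor hop concrete from the defender's side, here is an added example (not Microsoft's code or anything from its report) that parses SOCKS5 client messages as a loopback sensor would see them and flags a CONNECT that hands a .onion name to the proxy for resolution. The .onion destination and the sample bytes are constructed assumptions, since the article does not say how Crypto Clipper addresses its servers.

```python
"""Parse SOCKS5 (RFC 1928) client messages and flag Tor-style CONNECT requests."""
import struct
from dataclasses import dataclass

SOCKS_VERSION = 5
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03   # IPv6 (0x04) omitted for brevity

@dataclass
class Socks5Connect:
    atyp: int
    dest: str
    port: int

def parse_greeting(data: bytes) -> list:
    """Client greeting: VER | NMETHODS | METHODS. Returns the offered auth methods."""
    if len(data) < 2 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 greeting")
    n = data[1]
    if len(data) < 2 + n:
        raise ValueError("truncated greeting")
    return list(data[2:2 + n])

def parse_connect(data: bytes) -> Socks5Connect:
    """Client request: VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT (big-endian)."""
    if len(data) < 5 or data[0] != SOCKS_VERSION or data[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = data[3]
    if atyp == ATYP_IPV4:
        end = 8
        dest = ".".join(str(b) for b in data[4:end])
    elif atyp == ATYP_DOMAIN:          # proxy resolves the name; this is how .onion is reached
        end = 5 + data[4]
        dest = data[5:end].decode("ascii")
    else:
        raise ValueError(f"unsupported ATYP {atyp:#x}")
    if len(data) < end + 2:
        raise ValueError("truncated request")
    return Socks5Connect(atyp, dest, struct.unpack("!H", data[end:end + 2])[0])

def looks_like_tor_exfil(req: Socks5Connect) -> bool:
    """Heuristic: a CONNECT that hands a .onion name to the local proxy is traffic
    bound for Tor; on its own it is a lead for triage, not proof of compromise."""
    return req.atyp == ATYP_DOMAIN and req.dest.lower().endswith(".onion")

# Constructed sample: no-auth greeting, then CONNECT to a made-up .onion name on port 80.
SAMPLE_GREETING = bytes([SOCKS_VERSION, 1, 0x00])
ONION = b"exampleplaceholder.onion"
SAMPLE_CONNECT = bytes([SOCKS_VERSION, CMD_CONNECT, 0, ATYP_DOMAIN, len(ONION)]) + ONION + struct.pack("!H", 80)
```

Pointing the parser at loopback captures on the port a bundled Tor client listens on turns the article's "local SOCKS5 proxy" detail into a concrete telemetry source.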