‘Bitcoin Investment’ phishing campaign delivers clipboard hijacker malware
#1
Quote:
[Image: shutterstock_365875643.jpg]
  • A new phishing campaign disguised as ‘Bitcoin Investment Update’ delivers clipboard hijacker malware in order to steal Bitcoins from victims.
  • The ‘Task.exe’ clipboard hijacker monitors the Windows Clipboard for bitcoin addresses and, if any is detected, swaps it for the bitcoin address owned by the attacker.
What is the issue - A new phishing campaign disguised as ‘Bitcoin Investment Update’ delivers clipboard hijacker malware in order to steal Bitcoins from victims.

The big picture

Researchers from My Online Security detailed the steps taken in this new phishing campaign that delivers clipboard hijackers.
  • The phishing emails include a malicious JSE file attachment, which is a JavaScript file that contains a Base64 encoded executable.
  • Once recipients open the attachment, the JSE file gets executed.
  • Once the JSE file is executed, it will decode the Base64 encoded executable file and save it to %Temp%\rewjavaef.exe.
  • Once the Base64 file is executed, the ‘Task.exe’ file will be saved to the %AppData%\svchost.exe\ folder and executed.
  • The ‘Task.exe’ file is the actual payload, the clipboard hijacker malware that is based on the open source BitPing program.
  • A startup file named ‘svchost.exe.vbs’ will be created in the user's Startup folder to ensure the malware starts every time the victim logs into Windows.
Source
Image courtesy of: cyware.com
Reply
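The file-system steps listed in the quoted article, expressed as behavioural detection rules. This is an added example, not part of the original post or its source. It assumes file-creation events in a simplified Sysmon Event ID 11 shape (creating process image, target path) and that the JSE attachment runs under Windows Script Host; the user name, the benign rows and the rule names are constructed.

```python
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # assumed launchers for a .jse attachment
SCRIPT_EXTS = (".vbs", ".js", ".jse", ".wsf")

# Constructed events mirroring the chain in the article, plus two benign rows.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\wscript.exe",
     "target": r"C:\Users\alice\AppData\Local\Temp\rewjavaef.exe"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\rewjavaef.exe",
     "target": r"C:\Users\alice\AppData\Roaming\svchost.exe\Task.exe"},
    {"image": r"C:\Users\alice\AppData\Roaming\svchost.exe\Task.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows"
               r"\Start Menu\Programs\Startup\svchost.exe.vbs"},
    {"image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "target": r"C:\Users\alice\AppData\Local\Temp\report.pdf"},
    {"image": r"C:\Windows\System32\svchost.exe",
     "target": r"C:\Windows\Temp\update.log"},
]

def classify(event):
    """Return the sorted rule names that one file-creation event matches."""
    image = event["image"].lower()
    target = event["target"].lower()
    folders = ntpath.dirname(target).split("\\")
    hits = set()
    # Step 1: a script host writes an executable into a Temp directory.
    if (ntpath.basename(image) in SCRIPT_HOSTS
            and "\\temp\\" in target and target.endswith(".exe")):
        hits.add("script_host_dropped_exe")
    # Step 2: a folder under AppData is itself named like an executable.
    if "appdata" in folders and any(f.endswith(".exe") for f in folders):
        hits.add("folder_named_like_exe")
    # Step 3: a script file appears in the per-user Startup folder.
    if ("\\start menu\\programs\\startup\\" in target
            and target.endswith(SCRIPT_EXTS)):
        hits.add("script_in_startup_folder")
    return sorted(hits)

def triage(events):
    """Map target path -> matched rules for every event that matches any rule."""
    results = {e["target"]: classify(e) for e in events}
    return {path: rules for path, rules in results.items() if rules}

if __name__ == "__main__":
    for path, rules in triage(SAMPLE_EVENTS).items():
        print(f"{', '.join(rules):28} {path}")
```

The rules key on behaviour rather than the literal file names, so they still fire if the dropped files are renamed.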