CryptoClippy: New Clipper malware targets Portuguese crypto users


Portuguese users should be wary of CryptoClippy, a new form of malware targeting them in a malvertising campaign. This malware is capable of stealing cryptocurrency if unsuspecting users are not careful.


CryptoClippy is malware that operates as a cryptocurrency clipper. The primary function of this malicious software is to monitor the victim’s clipboard and to recognize instances where the victim copies a cryptocurrency wallet address. Once identified, the malware replaces the copied wallet address with the attacker’s.

“It then replaces the clipboard entry with a visually similar but adversary-controlled wallet address for the appropriate cryptocurrency. Later, when the victim pastes the address from the clipboard to make a transaction, they are actually sending cryptocurrency directly to the threat actor.”
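A defender-side check for the substitution described above, as an added example that is not from the original article: it compares the address a user intended to pay with the one about to be submitted and reports how many leading and trailing characters still match. The address patterns are simplified shape checks and the sample addresses are constructed.

```python
import re

# Simplified shape checks (assumption of this example; no checksum validation).
PATTERNS = {
    "bitcoin-legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "bitcoin-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def classify(text):
    """Return the address family a string looks like, or None."""
    for name, pattern in PATTERNS.items():
        if pattern.match(text.strip()):
            return name
    return None

def shared_edges(a, b):
    """Count identical leading and trailing characters of two strings."""
    limit = min(len(a), len(b))
    head = 0
    while head < limit and a[head] == b[head]:
        head += 1
    tail = 0
    while tail < limit - head and a[-1 - tail] == b[-1 - tail]:
        tail += 1
    return head, tail

def check_paste(intended, pasted):
    """Compare the address the user meant to pay with the one about to be sent."""
    intended, pasted = intended.strip(), pasted.strip()
    kind = classify(intended)
    if kind is None:
        return {"verdict": "not-an-address"}
    if intended == pasted:
        return {"verdict": "ok", "kind": kind}
    head, tail = shared_edges(intended, pasted)
    # Same family but different value is the clipper pattern: a look-alike swap.
    verdict = "substituted" if classify(pasted) == kind else "mismatch"
    return {"verdict": verdict, "kind": kind,
            "shared_prefix": head, "shared_suffix": tail}

# Constructed sample addresses (not real wallets, not from the article).
INTENDED = "0x" + "ab12" + "0" * 32 + "9f3c"
SWAPPED = "0x" + "ab1" + "7" * 34 + "f3c"

if __name__ == "__main__":
    print(check_paste(INTENDED, INTENDED))
    print(check_paste(INTENDED, SWAPPED))
```

The constructed pair shares five leading and three trailing characters, which is why checking only the ends of a pasted address does not catch a swap; only the full-string comparison does.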

Another approach used to determine suitable targets is a traffic direction system (TDS), which checks whether the browser's preferred language is Portuguese and, if so, takes the user to a rogue landing page.

Indicators of Compromise


  • tunneldrive[.]com – 104[.]21.7.130:80
  • mydigitalrevival[.]com – 172[.]67.160.80:80
  • hollygap[.]com – 172[.]67.134.21:443, 104[.]21.5.250:443
  • yogasmob[.]com
  • preflightdesign[.]com
  • pickconferences[.]com

2023-04-25T04:34:46+05:30 | April 7th, 2023 | BOTNET, Compromised, Exploitation, Malware, Targeted Attacks

About the Author:

FirstHackersNews- Identifies Security
