A new piece of malware that steals cryptocurrency from affected machines has been discovered. It swaps in the cybercriminal’s wallet address and conceals itself via Telegram.
About Keona Clipper
Cyble researchers came across an online advertisement for the Keona Clipper. They later analyzed the clipper and published information about it.
Keona was developed in .NET and is further protected with Confuser 1.x.
Since May, the researchers have discovered over 90 distinct Keona samples, indicating widespread deployment.
The malware currently costs $49 for one month, $79 for two months, or $149 for three months.
Capabilities of Keona Clipper
Once activated, the clipper uses the Telegram API to connect with a Telegram bot that is under the attacker’s control. It also ensures that it keeps running, even after the machine reboots.
To maintain persistence, it copies itself to many places, including the Administrative Tools and Startup directories. It also adds autostart entries to the Windows registry.
The clipper then silently monitors clipboard activity and uses regular expressions to check for bitcoin wallets. It also steals more than a dozen different cryptocurrencies, including Bitcoin, Ether, Dashcoin, and Dogecoin.
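The clipboard substitution described above can be caught by comparing what was copied with what is about to be pasted. The following is an added example, not code from Cyble or from the malware: the address patterns, the two-second window, the function names, and the sample clipboard history are all assumptions made for illustration.

```python
import re

# Approximate address shapes; assumptions for this example, not Keona's own patterns.
ADDRESS_SHAPES = {
    "bitcoin": re.compile(r"(?:bc1[ac-hj-np-z02-9]{11,71}|[13][1-9A-HJ-NP-Za-km-z]{25,34})"),
    "ether": re.compile(r"0x[0-9a-fA-F]{40}"),
    "dogecoin": re.compile(r"D[1-9A-HJ-NP-Za-km-z]{33}"),
}

def classify(text):
    """Return the coin whose address shape the whole string matches, else None."""
    value = text.strip()
    for coin, shape in ADDRESS_SHAPES.items():
        if shape.fullmatch(value):
            return coin
    return None

def check_paste(copied, pasted):
    """Compare what the user copied with what arrived in the destination field."""
    if copied.strip() == pasted.strip():
        return "match"
    src, dst = classify(copied), classify(pasted)
    if src and src == dst:
        return "substituted"  # same coin, different address: clipper behaviour
    return "changed"

def find_swaps(snapshots, window=2.0):
    """Flag clipboard transitions where one address replaces another of the same
    coin within `window` seconds (hypothetical threshold: faster than a re-copy)."""
    alerts = []
    for (t0, a), (t1, b) in zip(snapshots, snapshots[1:]):
        if t1 - t0 <= window and check_paste(a, b) == "substituted":
            alerts.append((t1, classify(a), a, b))
    return alerts

# Constructed clipboard history: (seconds, contents). All addresses are fabricated.
SAMPLE = [
    (0.0, "meeting notes"),
    (5.0, "0x" + "1a" * 20),   # user copies a payee address
    (5.3, "0x" + "9f" * 20),   # replaced 0.3 s later by a different address
    (60.0, "1" + "B" * 33),
    (95.0, "1" + "C" * 33),    # user copies another address much later: not flagged
]

if __name__ == "__main__":
    for when, coin, old, new in find_swaps(SAMPLE):
        print(f"{when:>6.1f}s {coin}: {old} -> {new}")
```
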
Action suggested
Users should keep close tabs on all bitcoin transactions. Never keep private keys or wallet seeds unprotected on any device. Keep these keys encrypted on a different storage device, a hardware wallet, or both.