Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124


Microsoft says it has detected a new self-propagating malware that spreads via USB drives in search of cryptocurrency information, which it sends to servers controlled by attackers.
The company named the worm Crypto Clipper because it scans the contents of wallets for wallet addresses or seed words. When a match is detected, the malware also takes five pictures every 10 seconds. All information and pictures are sent to the attacker through Tor, a network that provides anonymous channels by routing traffic through intermediate nodes so that no single node sees both the sending and receiving IP addresses. Crypto Clipper establishes its Tor connection through a SOCKS5 proxy; SOCKS5 is a network protocol that sends traffic through a proxy server, which forwards it to its destination.
“The integration of this clipper is obvious because it does not rely on a common installer or the IP-based C2 interface,” Microsoft said Thursday. “Instead, it uses a portable Tor client, routes traffic through a local SOCKS5 proxy, and combines data theft with remote code execution, turning a hacker with money into a light backdoor.”
Microsoft said it saw Crypto Clipper spread through .lnk files on USB drives. These files store executable code. When the USB drive is plugged into a device, the code checks whether the malware is already installed on that device. If not, the malware is downloaded through the Tor proxy. To better hide evidence of the worm, the malware scans the infected USB drive and gives .lnk files names similar to those it finds there.
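As a defensive illustration of the .lnk naming behaviour described above, this added example (not Microsoft's code and not part of the original article) walks a mounted drive and flags shortcut files that carry the Shell Link header and share a name with a neighbouring file or folder. The function names, the sample layout and the name-matching rule are assumptions made for the example.

```python
import os
import sys

# Shell Link header (MS-SHLLINK): HeaderSize 0x4C, then the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c000000 01140200 00000000 c0000000 00000046")


def is_shell_link(path):
    """True if the file starts with the 20-byte Shell Link header."""
    with open(path, "rb") as fh:
        return fh.read(len(LNK_MAGIC)) == LNK_MAGIC


def find_lookalike_shortcuts(root):
    """Return sorted (shortcut, lookalike) pairs, e.g. Budget.lnk beside Budget.xlsx."""
    findings = []
    for folder, dirs, files in os.walk(root):
        siblings = {}  # lowercased full name or stem -> real sibling name
        for name in dirs + files:
            if not name.lower().endswith(".lnk"):
                siblings.setdefault(name.lower(), name)
                siblings.setdefault(os.path.splitext(name)[0].lower(), name)
        for name in files:
            match = siblings.get(name[:-4].lower())
            full = os.path.join(folder, name)
            if name.lower().endswith(".lnk") and match and is_shell_link(full):
                pair = (full, os.path.join(folder, match))
                findings.append(tuple(os.path.relpath(p, root) for p in pair))
    return sorted(findings)


def build_sample_drive(root):
    """Constructed sample layout standing in for a mounted USB drive."""
    os.makedirs(os.path.join(root, "Photos"))
    for name in ("Budget.xlsx", "notes.txt"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"constructed sample data")
    # readme.lnk has no lookalike; notes.lnk lacks the Shell Link header.
    for name, body in (("Budget.lnk", LNK_MAGIC), ("Photos.lnk", LNK_MAGIC),
                       ("readme.lnk", LNK_MAGIC), ("notes.lnk", b"plain text")):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body + b"\x00" * 56)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for shortcut, lookalike in find_lookalike_shortcuts(root):
        print(f"{shortcut} resembles {lookalike}")
```

A hit is a prompt to inspect the shortcut's target, not proof of infection, since users do create shortcuts next to the files they point to.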