logo

Scammers Use Fake GitHub Stars, VirusTotal Reviews to Spread Crypto Clipper

ID: 667f8484-02eb-5026-892c-4f4c5d0084c3

STIX ID: report--667f8484-02eb-5026-892c-4f4c5d0084c3

Feed Name: HackRead

Threat Score
70/100

Date Published: 2026-06-22

Date Updated: 2026-06-22

Author: Deeba Ahmed

...
...

Check Point researchers uncovered a campaign by a single threat actor who distributed a Rust-based clipboard hijacker (clipper) via fake crypto utilities and amplified trust by buying/faking GitHub stars, SourceForge downloads, YouTube views/comments, and VirusTotal reviews; the malware (Windows .NET loader SniperBot_Premium(Free).exe launching silkebin.exe, and macOS unlocker.command bypassing Gatekeeper) replaces copied cryptocurrency wallet addresses with one of 15,500 attacker-controlled wallets, resulting in direct theft from victims and thousands of reported downloads.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.