Scammers Use Fake GitHub Stars, VirusTotal Reviews to Spread Crypto Clipper
ID: 667f8484-02eb-5026-892c-4f4c5d0084c3
STIX ID: report--667f8484-02eb-5026-892c-4f4c5d0084c3
Feed Name: HackRead
Check Point researchers uncovered a campaign by a single threat actor who distributed a Rust-based clipboard hijacker (clipper) via fake crypto utilities and amplified trust by buying/faking GitHub stars, SourceForge downloads, YouTube views/comments, and VirusTotal reviews; the malware (Windows .NET loader SniperBot_Premium(Free).exe launching silkebin.exe, and macOS unlocker.command bypassing Gatekeeper) replaces copied cryptocurrency wallet addresses with one of 15,500 attacker-controlled wallets, resulting in direct theft from victims and thousands of reported downloads.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
