HUMINT Operations Uncover Cryptojacking Campaign: Discord-Based Distribution of Clipboard Hijacking Malware Targeting Cryptocurrency Communities
ID: 06275be7-91d5-5aeb-934d-53c3acc1210a
STIX ID: report--06275be7-91d5-5aeb-934d-53c3acc1210a
Feed Name: CloudSEK Blog
**Executive Summary:** CloudSEK's STRIKE team exposed a Python-based clipboard hijacker (distributed as Pro.exe/peeek.exe) operated by an actor self-styled 'RedLineCyber'. The malware targets cryptocurrency streamers and gaming/gambling Discord communities through social engineering. It installs persistence, monitors clipboard contents at ~300ms intervals, and substitutes victim wallet addresses with attacker-controlled addresses across six cryptocurrencies. The report provides static/dynamic analysis, IOCs (SHA-256 hashes, registry run key, attacker wallets), MITRE mapping, detection rules, and mitigation guidance.
