Threat Intelligence Report

EclecticIQ Fusion Center Report: ComboJack Malware Alters Clipboards to Steal Cryptocurrency (English)

Unit 42 researchers discovered a new currency stealer dubbed "ComboJack", which targets cryptocurrencies and online wallets.

Report from EclecticIQ Fusion Center, dated Tuesday 6 March 2018.

Key Findings:

  • The malware is being spread via a spam email campaign targeting primarily American and Japanese users.
  • ComboJack works by replacing wallet addresses copied to the clipboard with an attacker-controlled address, so that funds are sent to the attacker’s wallet.
  • The malware is after Ethereum, Monero, Bitcoin, and Litecoin, but also after funds transferred via Qiwi, WebMoney, and Yandex Money.
  • EclecticIQ Fusion Center analysts uncovered additional related indicators and a user potentially behind this malware.
