The Clipsa malware is a threat, which falls in the category of password collectors. The activity of the Clipsa malware seems to be concentrated in several regions – Brazil, India and the Philippines. The Clipsa malware project appears to be in its early stages, and it is likely that its authors may further weaponize this threat.
The creators of the Clipsa malware have opted to disguise their threat as a fake media player or a fraudulent codec pack. The users are urged to install it if they want to be able to view the content on the website. Users online should be very wary of Web pages that require you to install additional software in order to view their contents as this is a commonly used trick to propagate various types of malware.
The Clipsa malware will store its corrupted files in system directories, and then gain persistence by configuring the Windows Registry to starts its files whenever Windows boots up automatically. This threat is able to plant a cryptocurrency miner on the compromised machine. However, the Clipsa malware uses a cunning technique to ensure that the crypto-currency miner will not be spotted by the user. This threat will scan the running, as well as the opened windows every ten seconds. The goal of the scan is to determine if the user has opened the Task Manager or initialized Process Hacker or Process Explorer because these applications will show the user the CPU usage. When a cryptocurrency miner is working, the CPU usage goes through the roof, and it is very likely that the victim may notice that something smells fishy. If such processes are detected, the Clipsa malware will cease its activity immediately.
The Clipsa malware is mainly used to collect login credentials from its victims. However, it has some other capabilities too. Systems infected by the Clipsa malware will execute a script that scans the Internet for WordPress websites that are vulnerable to brute force attacks periodically. If the scan returns valid login credentials for a particular WordPress page, Clipsa will transfer the URL, username, and password to the attacker's control server. The Clipsa malware also monitors the clipboard on the compromised host, and if it detects that the user has copied a cryptocurrency wallet's address, it will erase it and replace it with a wallet that belongs to the attackers. Malware researchers spotted that the Clipsa malware is sometimes delivered with a '.dat' file, which has several thousand Ethereum and Bitcoin wallets, which are all used by the authors of this threat. It appears that the shady operations of the creators of the Clipsa malware have been fruitful – the attackers have generated more than 55 ETH (~$12,000).
Despite this threat being fairly new, it is already showing signs that it may cause headaches to many people around the world. Make sure that you have a legitimate anti-malware application, which will keep your system safe from nasty threats like the Clipsa malware.
Do You Suspect Your PC May Be Infected with Clipsa & Other Threats? Scan Your PC with SpyHunterSpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Clipsa as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Security Doesn't Let You Download SpyHunter or Access the Internet?Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.