Keona Clipper

The Keona Clipper is a specialized malware threat that is designed specifically to substitute the data that its victims save in the clipboard of their systems. The clipboard is a buffer space on the OS that provides users with convenient short-term storage for simple data that can then be transferred between different applications. Clippers like Keona are extensively used in attacks targeting crypto enthusiasts with the goal of the cybercriminals being to redirect the funds of the victim towards their own crypto-wallets.

Transactions between crypto-wallets often involve lengthy character strings that serve as the ID of the intended recipient. Few users are willing to type those strings manually, one character at a time. Instead, the vast majority of users are likely to simply copy the entire string in the clipboard and then paste it into the required field. The Keona Clipper can detect when such a crypto-wallet address has been saved in the clipboard and will then proceed to substitute it with a different address, one controlled by its operators. Victims may not even notice the difference in the pasted strings and their money will be inadvertently transferred to the wrong recipient.

What makes the Keona Clipper efficient in its threatening task is its incredibly small size of just 20kb. This factor makes the distribution of the threat far easier, while also hampering detection from anti-malware solutions. Due to its incredibly small footprint on the system, the Keona Clipper could persist there over a prolonged time.