Also known as: Trojan.Clipbanker, ClipSpy, ClipStealer
Category: Malware
Type: Information stealer, trojan
Platform: Windows
Variants: WinGo/ClipBanker.AS, Trojan-Banker.Win32.ClipBanker.ycf, Trojan:Win64/GOClipper.DA!MTB, Win32/Occamy.C, Dropper-AutoIt.j, TrojanSpy.MSIL.CLIPBANKER.SM, TSPY_CLIPBANKER.CZ, MSIL.CLIPBANKER.AB, Win32.CLIPBANKER.WLDE
Damage potential: Financial loss, unauthorized access, data theft, and identity theft.
Overview
Clipbanker is a spy trojan and information stealer that hackers use to steal sensitive information. It records the user’s browsing history, email data, and social media activity. However, its primary focus is spying on clipboard data, particularly cryptocurrency addresses and banking information. For example, it detects legitimate cryptocurrency addresses in the clipboard and replaces them with ones controlled by attackers, misdirecting funds without the user’s knowledge.
Over time, Clipbanker became more sophisticated, making it hard to detect. It disables security software and uses obfuscated payloads. In addition, attackers employ persistence mechanisms, which grant them uninterrupted access to the infected system.
Possible symptoms
Clipbanker exploits the clipboard, the temporary storage for data that the user wants to copy from one place to another. A hacker monitors it and steals the information that they’re looking for. The following symptoms may signal that your device is infected with the Clipbanker trojan:
- Unexpected changes in clipboard content, showing unknown entries.
- Delayed copying and pasting.
- Frequent system crashes and high CPU usage.
- Changed settings without the user’s input.
- Disabled antivirus software.
- Random pop-ups and ads.
- Unexpected redirects to unknown websites.
- New programs that the user never installed.
- Unauthorized financial transactions.
- Alerts from financial institutions.
Sources of infection
Clipbanker usually creeps into a user’s device through phishing emails containing malicious links. A user clicks on an attachment that appears as a legitimate file and downloads Clipbanker. However, this spy trojan may also infect a system in several other ways:
- Drive-by downloading from compromised websites.
- Downloading with bundled software from unofficial websites.
- Downloading with pirated software or fake software updates.
- Clicking on infected pop-ups and ads in seemingly legitimate online advertising networks.
- Using USB drives or other removable media infected with Clipbanker.
- Downloading from shared network drives containing infected files.
Protection
Take a moment to up your data security against the Clipbanker trojan by taking the following steps:
- Use clipboard management tools, which alert users if content in the clipboard changes.
- Keep your systems updated and patched against known vulnerabilities.
- Get Threat Protection Pro, a tool that scans files for malware during download and alerts you if a file is infected.
- Be cautious of phishing emails, especially those demanding that you react immediately and open attachments.
- Enable multi-factor authentication for financial accounts.
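The clipboard-change alerting mentioned in the first step can be reduced to one check: an address-shaped value that is replaced by a different address of the same kind faster than a person would re-copy. The following Python sketch is an added example, not code from this page or from any product named on it; the snapshot format, the address patterns, and the 2-second threshold are assumptions, and the sample addresses are constructed strings.

```python
import re

# Address shapes checked here (an assumption of this example; extend as needed).
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def classify(text):
    """Return the address kind that the clipboard text matches, or None."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return kind
    return None

def find_swaps(snapshots, max_gap=2.0):
    """Flag an address replaced by a different address of the same kind
    within max_gap seconds, faster than a user would normally re-copy.

    snapshots: time-ordered (timestamp_seconds, clipboard_text) pairs.
    """
    alerts = []
    for (t_prev, prev), (t_cur, cur) in zip(snapshots, snapshots[1:]):
        kind = classify(prev)
        if kind is None or classify(cur) != kind:
            continue
        if prev.strip() != cur.strip() and (t_cur - t_prev) <= max_gap:
            alerts.append({"time": t_cur, "kind": kind,
                           "copied": prev.strip(), "now": cur.strip()})
    return alerts

# Constructed sample data: the addresses are made-up strings with the right shape.
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, "0x" + "ab12" * 10),   # user copies an ETH-shaped address
    (10.4, "0x" + "cd34" * 10),   # replaced 0.4 s later: suspicious
    (60.0, "1" + "A" * 30),       # user copies a BTC-shaped address
    (300.0, "1" + "B" * 30),      # different address minutes later: normal
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print("clipboard address changed:", alert)
```

Feeding the function real data means polling the clipboard with the operating system's own API and recording a timestamp with each reading; that part is left out here.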
Clipbanker removal
Removing Clipbanker from your device might require advanced IT skills. However, you can leave this job to your antivirus or anti-malware software. So, if you suspect that your device is infected with this pesky trojan, take the following steps:
- Disconnect from the internet immediately to prevent hackers from retrieving even more data.
- Restart your computer in Safe mode.
- Use an antivirus tool to scan your computer. If it detects Clipbanker or any other malware, use a malware removal tool to remove it.
- Change passwords to your financial accounts and monitor those accounts for unauthorized activity.
- If the malware persists, consult with a cybersecurity expert.