Botnet has made $500k with crypto clipping

Check Point Research (CPR), the research department of Check Point Software, has spotted a botnet variant that has stolen nearly half a million dollars' worth of cryptocurrency through a technique called "crypto clipping".

The new variant, called Twizt, a descendant of Phorpiex, steals cryptocurrencies during transactions, automatically replacing the recipient's address with that of the perpetrator.

CPR warns cryptocurrency holders to be careful about whom they send money to, as 969 intercepted transactions have been recorded and the count continues. Twizt can operate without active C&C servers, which allows it to bypass the mechanisms.

  • In a period of 12 months, 3.64 Bitcoin, 55.87 Ether and $55,000 in ERC20 tokens were stolen
  • 26 ETH were stolen in one case
  • The majority of the victims live in Ethiopia, Nigeria and India

Check Point Research (CPR) has identified a new variant of Phorpiex, a botnet known for sextortion and crypto-jacking. The new variant, called Twizt, operates without active command and control servers, meaning that every machine it infects can expand the botnet. CPR estimates that Twizt has stolen nearly half a million dollars' worth of cryptocurrency. What is new in Twizt has led CPR to believe that the botnet may become even more stable and therefore more dangerous.

How Twizt works

Twizt uses a technique called "crypto clipping", which is the theft of cryptocurrency during transactions by malware that automatically replaces the intended wallet address with the perpetrator's wallet address. As a result, the funds end up in the wrong hands.

The Victims

Over a period of one year, from November 2020 to the following November, Phorpiex bots hijacked 969 transactions, stealing 3.64 Bitcoin, 55.87 Ether and $55,000 in ERC20 tokens. The value of the stolen assets at current prices is almost half a million dollars. Several times Phorpiex managed to steal large amounts in a single transaction. The largest amount was 26 ETH, in an Ethereum transaction.

Graph 1. Victims by country


Commentary: Alexander Chailytko, Cyber Security Research & Innovation Manager at Check Point Software:

"There are three main risks that the new variant of Phorpiex entails. First, Twizt uses the peer-to-peer model and is able to receive commands and updates from thousands of other infected machines. A peer-to-peer botnet is more difficult to destroy and shut down. That makes Twizt more stable than previous versions of Phorpiex.

"Secondly, like the old versions of Phorpiex, Twizt is able to steal cryptocurrencies without any communication with C&C; therefore, it is easier for it to bypass security mechanisms in order to do damage. Third, Twizt supports more than 30 different cryptocurrency wallets from different blockchains, including the most important ones, such as Bitcoin, Ethereum, Dash and Monero.

"This creates a huge attack range, and virtually anyone using crypto could be affected. I urge all cryptocurrency users to double-check the wallet addresses they copy and paste, as they could easily accidentally send their cryptocurrencies to the wrong hands."

Security tips

- Check the wallet address. When users copy and paste a crypto wallet address, they must always double-check that the original and the pasted address are the same.

- Test transactions. Before sending large amounts of cryptocurrency, users should first send a trial transaction with a minimal amount.

- Stay up to date. Keep the operating system updated, and do not download software from unverified sources.

- Skip the ads. When searching for wallets or cryptocurrency trading platforms, users should always choose the first site in the search results and not the ads. Ads can be misleading, as CPR has found many such ads on Google that aim to extract money.

- Check the URL. Users should always double-check the URL!
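
The first tip, written out as a check: the Python sketch below is an added example, not part of Check Point's report. It compares the intended address with the pasted one over its full length and flags a different address of the same format, which is what a clipping replacement looks like. The function names, the simplified format patterns and the sample addresses are assumptions constructed for illustration.

```python
import re

# Coarse address shapes, simplified for this example; checksums are not validated.
FORMATS = {
    "ethereum-style": re.compile(r"0x[0-9a-fA-F]{40}"),
    "bitcoin-style": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[0-9a-z]{11,71}"),
}


def classify(value):
    """Return the coarse format name of an address-like string, or None."""
    for name, pattern in FORMATS.items():
        if pattern.fullmatch(value):
            return name
    return None


def check_pasted_address(expected, pasted):
    """Compare the intended recipient address with what was actually pasted.

    Returns (verdict, detail) where verdict is one of:
      "match"       - identical over the full length
      "substituted" - a different address of the same format (the clipping pattern)
      "different"   - anything else: truncated paste, typo, unrelated text
    """
    expected, pasted = expected.strip(), pasted.strip()
    kind, pasted_kind = classify(expected), classify(pasted)
    if kind == "ethereum-style":
        # Hex addresses differ only in optional checksum casing; compare case-insensitively.
        expected, pasted = expected.lower(), pasted.lower()
    if expected == pasted:
        return "match", ""
    # Position of the first differing character, or the shorter length if one is a prefix.
    first_diff = next(
        (i for i, (a, b) in enumerate(zip(expected, pasted)) if a != b),
        min(len(expected), len(pasted)),
    )
    detail = f"first difference at character {first_diff}"
    if kind is not None and pasted_kind == kind:
        return "substituted", f"same format ({kind}), {detail}"
    return "different", detail


# Constructed sample values, not real wallet addresses.
INTENDED = "0x" + "a1b2c3d4e5" * 4
OTHER = "0x" + "0f" * 20

if __name__ == "__main__":
    for pasted in (INTENDED, OTHER, INTENDED[:-3]):
        print(check_pasted_address(INTENDED, pasted))
```

A "substituted" verdict is the one to treat as a possible infection rather than a typing mistake, since the pasted value is well formed but is not the address that was copied.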


Written by newsbot
