nice blog post by Kaspersky, unveiling a couple of malicious self-hosted gogs instances, as well as some unique pastebin-like services I haven't seen before. The pastebin-like services have been added to today's ETOPEN release, in the ET INFO category. use them for threat hunting!

forgot my link: https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/

snippet.host
chiaselinks.com
rlim.com
paste.kealper.com

#pastebin #threat_hunting #ClipBanker

The long road to your crypto: ClipBanker and its marathon infection chain

Threat actors are distributing a Trojan disguised as Proxifier software; through a multi-stage infection chain, it delivers ClipBanker – malware that replaces cryptocurrency wallet addresses in the clipboard.

Kaspersky

Malware Delivers ClipBanker Through Sophisticated Infection Chain

Beware of sneaky malware that can swap out the cryptocurrency wallet address you copied with a fake one, just by pasting malicious software masquerading as Proxifier - putting your digital assets at risk. This Trojan uses a multi-stage infection chain to deliver ClipBanker, a stealthy threat that hijacks your clipboard.

https://osintsights.com/malware-delivers-clipbanker-through-sophisticated-infection-chain?utm_source=mastodon&utm_medium=social

#Clipbanker #Trojan #Proxifier #Malware #Cryptocurrency

Malware Delivers ClipBanker Through Sophisticated Infection Chain

Malware delivers ClipBanker through a complex infection chain, stealing crypto by replacing wallet addresses. Learn how to protect yourself now.

OSINTSights

📢 ClipBanker distributed via a fake Proxifier installer in a multi-stage infection chain
📝 🔍 Context

Published on April 9, 2026 by Oleg Kupreev on Securelist (Kaspersky), this article desc...
📖 cyberveille: https://cyberveille.ch/posts/2026-04-09-clipbanker-distribue-via-un-faux-installeur-proxifier-dans-une-chaine-d-infection-multi-etapes/
🌐 source: https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/
#ClipBanker #IOC #Cyberveille

ClipBanker distributed via a fake Proxifier installer in a multi-stage infection chain

🔍 Context: Published on April 9, 2026 by Oleg Kupreev on Securelist (Kaspersky), this article describes a campaign active since early 2025 that distributes the ClipBanker malware via a fake installer for the Proxifier software, hosted on GitHub and promoted through search engines.

🎯 Initial infection vector: Victims search for "Proxifier" on popular search engines. One of the first results points to a malicious GitHub repository containing an archive with a trojanized executable and a text file of activation keys. The executable is a malicious wrapper around the real, legitimate Proxifier installer.

CyberVeille

Good day everyone!

Today's #readoftheday involves Microsoft Office add-ins, masquerading, trojans, and MUCH MORE! Kaspersky researchers share the details about a project on SourceForge that was distributing malware. It appeared to be a project for Microsoft Office add-ins that were copied from a legitimate project on GitHub, but in reality was a list of Microsoft Office applications that led to an archive that contained an installer file (.msi). Once that is run, a bunch of bad stuff happens (I'm not going to ruin it for you) and then you are left with a miner and the #ClipBanker malware that replaces cryptocurrency wallet addresses in the clipboard with the attacker's own, which is pretty interesting as well! I hope you enjoy it as much as I did! Happy Hunting!

Attackers distributing a miner and the ClipBanker Trojan via SourceForge
https://securelist.com/miner-clipbanker-sourceforge-campaign/116088/

Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

Attackers distributing a miner and the ClipBanker Trojan via SourceForge

Malicious actors are using SourceForge to distribute a miner and the ClipBanker Trojan while utilizing unconventional persistence techniques.

Kaspersky