Avast Protects 250K Users From Clipsa Malware | Avast

Avast Protects 250K Users From Clipsa Malware | Avast
Threat Intelligence Team, 7 August 2019

Multi-functional password stealer brute-forces and steals admin credentials from unsecured WordPress websites



Avast researchers announced this week that the company has protected more than 253,000 users from Clipsa, a password stealer that steals administrator credentials from unsecured WordPress websites.
Once on an infected device, Clipsa can perform multiple actions, such as stealing cryptocurrency transfers and installing a cryptocurrency miner. Clipsa also uses infected PCs to crawl the internet for vulnerable WordPress websites. Once it finds a vulnerable site, it attempts to brute-force its way into the site.
“Clipsa is an unusual password stealer, in that it supports a wide range of functionalities. Instead of just focusing on passwords and cryptowallets present on the victim’s computer, Clipsa also makes PCs do the cybercriminals’ dirty work, like searching for vulnerable WordPress websites on the internet and brute-forcing their credentials. The more machines that are infected, the more computational power Clipsa has,” said Jan Rubín, malware researcher at Avast.
The campaign is most prevalent in India, where Avast has blocked more than 43,000 Clipsa infection attempts, protecting more than 28,000 users in India from the malware. The Avast Threat Labs has also observed higher infection attempt rates in the Philippines, where Avast protected more than 15,000 users from Clipsa and in Brazil, protecting more than 13,000 users. In total, Avast protected more than 253,000 users more than 360,000 times, since August 1, 2018. 
If a device is infected with Clipsa, users may notice their PCs operating slower than usual, due to malicious coin miners mining cryptocurrencies in the background, as well as Clipsa crawling the internet for vulner ..

Support the originator by clicking the read the rest link below.