SensorsTechForum - How to Technology and PC Security Forum

PC Security and Protection => Gaming Malware => Topic started by: never on February 04, 2016, 04:06:10 pm

Title: Coinbitclip-The Hearthstone Files Copycat Malware That Steals Your Bitcoin Data
Post by: never on February 04, 2016, 04:06:10 pm
A new type of financial data stealing Trojan known as Coinbitclip has been reported to massively affect users, creating multiple files in the following locations:

%AppData%\Blizzard\Hearthstone.exe
%User’s Profile%\Application Data\hearthstone\updater.exe


I may also create registry entries to run the .exe files every time you start Windows in the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\

The trojan is believe to take advantage of users, playing the famous game Hearthstone (http://us.battle.net/hearthstone/en/) by Blizzard to infect them. It may be distributed either via malicious web links or email attachments. Once activated, the trojan stars monitoring for any bitcoin addresses the affected user has copied to his/hers clipboard after which replaces the copied address with a foreign one. The threat has a database of addresses and it uses the closest one to the victim's address to make itself unnoticable. The Trojan may also use file obfuscation techniques to conceal its data.



This is an open topic discussion, regarding the Coinbitclip Trojan. You may share your experience, ask questions, ask for help in case you have been affected by the Trojan and we will attempt to assist you anyway we can.