Remove Coinbitclip Hearthstone Trojan Completely - How to, Technology and PC Security Forum

Remove Coinbitclip Hearthstone Trojan Completely

A new type of infostealing Trojan is reported to target the cryptocurrency Bitcoin, replacing its addresses with malicious ones. The Trojan creates multiple files via obfuscated executables and aims to stay concealed on the user's PC for as long as possible. Coinbitclip uses multiple third-party Bitcoin addresses and may use a different one for every infection. The Trojan also most likely has something to do with the notorious game Hearthstone, since its files resemble the game's executables. All users who actively use bitcoins are strongly advised to use advanced anti-malware protection or to use another computer for their financial transactions.

Image sources: Sensorstechforum and Blizzard™

Name: Coinbitclip Trojan
Type: Infostealer Trojan
Short Description: The payload steals and replaces bitcoin addresses.
Symptoms: The user may witness unfamiliar files in %AppData%, such as Hearthstone.exe.
Distribution Method: Via malicious web links or attachments.

Coinbitclip Trojan – How Does It Spread

An effective way for this type of Trojan to spread is via malicious web links posted online. In the case discovered by Symantec researchers, the game Hearthstone is copied, which means that the Trojan may target users via various third-party websites that are Blizzard or Hearthstone related and may be delivered by injecting malicious code onto the victim's computer.

There may be another means of targeting users on a massive scale. The hackers may send out spam emails in bulk to users who have registered on a Hearthstone-related website. The mails may look like they come from Blizzard themselves, and messages such as the following may be present in them:

  • “Click here to restore your password.”
  • “Your account has been suspended. Click here for more information.”
  • “Incoming files regarding Hearthstone.”

The mail messages might also contain an archive file as an attachment, which may hold the obfuscated payload of the malware.

One way or another, after it has been executed, according to Symantec researchers, the Trojan may create the following files:

  • %AppData%\Blizzard\Hearthstone.exe
  • %User’s Profile%\Application Data\hearthstone\updater.exe

Furthermore, the cyber-threat may create a registry entry for the Hearthstone.exe file to run every time your Windows starts. It is located in the following Windows Registry key:

  • “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”
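A read-only way to look for the two files and the Run entry listed above, as an added example that is not part of the original article or of Symantec's report. It assumes that "%User's Profile%" refers to the %USERPROFILE% folder, and the Run-value match (a command mentioning "hearthstone" that starts from a profile folder) is an illustrative heuristic, so a hit is a lead to review rather than proof of infection.

```powershell
# Added example: read-only check for the Coinbitclip artifacts named in this article.
# Assumption: "%User's Profile%" in the article means the %USERPROFILE% folder.
$candidateFiles = @(
    (Join-Path $env:APPDATA     'Blizzard\Hearthstone.exe'),
    (Join-Path $env:USERPROFILE 'Application Data\hearthstone\updater.exe')
)

$findings = @()

# 1. Files the article lists as created by the Trojan.
foreach ($path in $candidateFiles) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $findings += [pscustomobject]@{
            Kind     = 'File'
            Location = $path
            Detail   = "Created $($item.CreationTime); signature status: $($sig.Status)"
        }
    }
}

# 2. Values under the per-user Run key whose command mentions Hearthstone
#    and starts from a profile folder (heuristic chosen for this example).
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path -LiteralPath $runKey) {
    $key = Get-Item -LiteralPath $runKey
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        $inProfile = $command -match '\\AppData\\|\\Application Data\\'
        if ($inProfile -and $command -match 'hearthstone') {
            $findings += [pscustomobject]@{
                Kind     = 'RunValue'
                Location = "$runKey\$name"
                Detail   = $command
            }
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'None of the artifacts listed in the article were found for this user.'
}
```

The script only reads the file system and registry for the current user; run it in each affected user's session, since both the paths and the Run key are per-user.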

Once it has settled in on your PC, the Trojan begins to automatically look for any Bitcoin addresses that are copied by the user. It holds a custom database of many third-party Bitcoin addresses and, immediately after detecting a copied address, replaces it with one of them. What is more, the cyber-threat is smart: it uses the Bitcoin address in its database that is closest to the one actually copied to the clipboard.

This is most likely done for the sole purpose of stealing money when users convert money into bitcoins. The malware may work extremely well alongside ransomware threats such as TeslaCrypt 3.0, which persuade and scare users into paying in bitcoins for the decryption of their files.

Remove Coinbitclip Trojan from Your PC

Since this cyber-threat may create registry entries on your computer and may use an updater to stay hidden and change the location of the malicious files, it is strongly advisable to remove this Trojan methodically. To do this, follow the instructions below.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in the basic education of every user towards online safety.
