We’ve brought together this week’s most important news from the world of cybersecurity.

Experts discover malware targeting stealth mining and theft of cryptocurrencies

The Symantec Threat Hunter team has identified a hacker group distributing the Clipminer malware. It potentially earned operators at least $1.7 million for covert mining and theft of cryptocurrencies.

Clipminer is distributed via infected files of hacked or pirated software. The malware can use the resources of compromised computers to mine and manipulate the contents of the clipboard to redirect victims’ crypto transactions.

“Every time the clipboard is updated, it scans the contents of the clipboard for wallet addresses, recognizing the address formats used by at least a dozen different cryptocurrencies. Then they are replaced with addresses of wallets controlled by the attackers,” he said.

Europol eliminates FluBot botnet

Europol employees announced the elimination of FluBot, “one of the fastest growing mobile malware” targeting Android users.

🚨 SMS-based FluBot spyware removal 🚨

🔹 International law enforcement operation covering 11 countries 🌍🚔
🔹 The fastest spreading mobile malware today ⏩📱
🔹 Android malware is now disabled ✋🛑

More ➡️ https://t.co/YcMC5XRS6o pic.twitter.com/ksPuSHk6aW

— Europol (@Europol) June 1, 2022

FluBot spread via SMS and then stole passwords, online banking data and other sensitive information from infected smartphones around the world.

Using FluBot, attackers gained access to victims’ devices and used it to steal banking app credentials or cryptocurrency holders’ accounts.

Clop ransomware continued its activity

After suspending activity for a long time, Clop ransomware becomes active again. Bleeping Computer writes about it, citing NCC Group experts.

In April, Clop was ranked fourth among all ransomware viruses attacking 21 companies. Almost half of the attacks were against industrial establishments and 27% against technology companies.

Recall that last year, the Ukrainian cyber police reported that they detected Clop hackers and blocked channels for legalizing cryptocurrencies obtained by criminal means.

But according to ForkLog sources, the searches were not made on the hackers themselves, but on OTC merchants where ransomware operators’ bitcoins were passed.

Later, the Binance exchange confirmed that the Clop hackers participated in the law enforcement operation to identify the people who laundered their funds.

Roskomnadzor continued the war with VPN

This week, Russian users reported problems accessing Proton VPN and NordVPN services.

Representatives of the Proton VPN team suggested that the Russian authorities began to block the service. Later, Roskomnadzor announced that it was working to block VPN services and labeling them as threats.

According to experts, equipment is used to block Proton VPN TSPUestablished under the so-called law on the sovereign runet.

Meanwhile, the head of Roskomnadzor Andrey Lipov was subject to EU sanctions.

Attackers started stealing data using SMS about exporting data from Telegram

Hackers started sending SMS alerts about alleged data transfer from Telegram. To reverse this, victims are advised to follow a phishing link.

Also on ForkLog:

What to read on the weekend?

Russia continues to restrict free access to the Internet and information. We analyze the most popular VPN services and tips for bypassing internet censorship.