Fake Reputation Campaign on GitHub and YouTube Spreads Crypto Clipboard Hijacker Malware
By
CySecurity News, twitter.com/ehackernews
Summary
Cybercriminals are using PR-like tactics to distribute malware through a fake reputation campaign targeting cryptocurrency users. The operation involves promoting malicious crypto tools across platforms like GitHub, YouTube, and VirusTotal to build trust and lower suspicion. At the core is a Rust-based clipboard hijacker that monitors for copied cryptocurrency wallet addresses and redirects funds to attackers.
Source
Key quotes
· 4 pulledCybercriminals are increasingly borrowing the language and tactics of public relations, and a new campaign shows how effective that can be.
Attackers promoted malicious crypto-related tools by creating a polished online presence across GitHub, YouTube, VirusTotal, and other channels.
The goal was not only to spread malware, but also to build an illusion of trust that would lower suspicion among users and researchers.
At the center of the operation was a Rust-based clipboard hijacker, a type of malware that watches for cryptocurrency wallet addresses copied into a victim's clipboard.
You might also wanna read
Microsoft uncovers Tor-based cryptocurrency clipper malware with worm-like propagation
Microsoft Threat Intelligence identified a Windows-based cryptocurrency clipper malware campaign active since February 2026. The malware use
Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses
Rust Security Alert: Phishing Campaign Targets crates.io Users
The Rust Security Response WG and crates.io team issued a security alert about a phishing campaign targeting crates.io users. Malicious emai
Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery
Nx Build Kit Security Breach: Malware Steals Wallets and Credentials via GitHub Repositories
A security breach has been discovered in the popular Nx build kit where malicious post-install commands create unauthorized repositories nam
Crates.io Targeted by Phishing Attempt Following npm Supply Chain Attack
The article discusses a phishing attempt targeting crates.io, the main public repository for Rust packages, following a recent npm supply ch

Comments
Sign in to join the conversation.
No comments yet. Be the first.