What to Know About the Clipsa Password-stealing Malware

You survived the ILOVEYOU virus in 2000, MyDoom in 2004, CryptoLocker in 2013 and WannaCry in 2017 — but that doesn’t mean you’ll make it through the next worst malware, especially if you don’t know anything about it. While not as immediately devastating as other malware attacks, a newly discovered malware called Clipsa could already be on your machine, which means you need to know as much as possible about what this virus wants and how to get rid of it.

What We Know About Clipsa

Clipsa has been labelled a “multi-purpose password stealer.” As the name suggests, Clipsa is intended to gain access to accounts by stealing passwords. It does this by using information stored on an infected system’s clipboard. The malware is specifically looking for addresses to cryptocurrency wallets, which tend to be long strings of random letters and numbers — nearly impossible for someone to remember and highly likely to appear on a clipboard. Once Clipsa has the address, it navigates there and transfers all cryptocurrency into the author’s wallet.
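Wallet addresses look random, but they carry a built-in checksum, which is why any program that can read copied text can pick them out reliably. The Python sketch below is an added example, not code from Clipsa or from any vendor's analysis: it audits a piece of text for legacy Bitcoin (Base58Check) addresses so you can see what is exposed. The function names and the sample text are constructed for illustration.

```python
import hashlib
import re

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy Bitcoin addresses: 26-35 Base58 characters starting with 1 or 3.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")


def b58decode(text):
    """Decode a Base58 string to bytes, preserving leading zero bytes."""
    num = 0
    for ch in text:
        num = num * 58 + B58_ALPHABET.index(ch)  # ValueError on a bad char
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))  # each leading '1' is a 0x00 byte
    return b"\x00" * pad + body


def is_valid_address(candidate):
    """True if the candidate passes the Base58Check checksum."""
    try:
        raw = b58decode(candidate)
    except ValueError:
        return False
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return False
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum


def find_exposed_addresses(text):
    """Return wallet addresses in text that pass checksum validation."""
    return [c for c in CANDIDATE.findall(text) if is_valid_address(c)]


# Constructed sample standing in for text that was copied to a clipboard.
SAMPLE = (
    "Send to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa by Friday.\n"
    "Typo version: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb\n"
    "Order ref 3xK9QmZt7Lw2Rf8Vb4Nc6Hd1Jg5Ps is not an address.\n"
)

if __name__ == "__main__":
    for addr in find_exposed_addresses(SAMPLE):
        print("valid wallet address present:", addr)
```

Only the first line of the sample is reported: the mistyped address and the order reference have the right shape but fail the checksum.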

Unfortunately, that isn’t the only thing Clipsa does. Even if it doesn’t find any cryptocurrency wallet addresses, the malware installs a cryptocurrency miner, also called a cryptojacker, which is a type of software that uses processing power to create cryptocurrency. This is bad for a few reasons. First, continuous cryptocurrency mining wears down your hardware, meaning you will need to repair or replace your device sooner than you might expect. Second, in the meantime, your device will run much slower because much of its energy is devoted to mining cryptocurrency rather than the programs you are trying to use. Plus, as your device runs, it will consume more energy, skyrocketing your electricity bills.

Most often, Clipsa finds its way onto victims’ devices when users try to download and install media players from unreliable sources, like peer-to-peer networks, file hosting sites, unofficial freeware pages and similar locations. Clipsa also moves around the web attached to spam email messages; what might look like a Microsoft Office document is malware in disguise. Finally, you can also find Clipsa in a number of other illicit locations, like embedded in cracking tools — which are used to spread copies of legitimate software without disks or authentication codes — or within fake updates, which trick users into installing a legitimate-seeming update or patch.

Overall, it seems that Clipsa doesn’t have a nefarious new method for infiltrating users’ devices. In fact, Clipsa doesn’t seem like a revolutionary malware variant in any way. Still, Clipsa is proving effective, hitting hundreds of thousands of devices in just a few months. In countries as disparate as India, Brazil and the United States, device users like you are suffering from Clipsa — but there is hope.

How to Thwart Clipsa

The good thing about Clipsa is its lack of complexity. Simply put, Clipsa is likely to be identified, quarantined and eliminated by even a basic antivirus security solution. However, having an antivirus program on your device doesn’t give you permission to be reckless with your online behavior. You should still practice strong cyber hygiene, which means cultivating habits that will keep you safe from all sorts of malware. These habits include:

  • Recognizing spam or fraudulent messages and avoiding interaction with them
  • Staying away from illegitimate websites and untrustworthy download sources
  • Enabling automatic updates on all software to avoid confusion with fake updater tools
  • Using complex passwords across your accounts and/or relying on a password management tool to create strong passwords for your various accounts
  • Maintaining a cybersecurity suite from a trustworthy firm, like TrendMicro or Avast
  • Limiting the information you share online to keep your cryptocurrency investments secret
  • Avoiding unknown network connections, like public Wi-Fi in coffee shops and airports
  • Considering using a VPN, which makes your movements online all but untrackable

Clipsa is an annoying malware, but it probably won’t be an earth-shattering attack on par with WannaCry, CryptoLocker, MyDoom or ILOVEYOU. Even before Clipsa was discovered, it was being thwarted by antivirus programs, so keeping some form of security on your devices and network is a good way to keep yourself safe from any malware that strives to come your way.