
Cybercrime, ClipBanker and PhoenixMiner conveyed via fake saved photos

Technical analysis by the Malware Hunter JAMESWT

ClipBanker and PhoenixMiner conveyed via fake saved photos. The exe file is RedLine Stealer, which, once opened, automatically downloads the other two malware families: a banking trojan and a cryptominer.

ClipBanker and PhoenixMiner are conveyed using fake photos saved with nVidia’s Instant Replay as bait. The file, discovered by MalwareHunterTeam, is an executable: RedLine Stealer.

Once opened, it automatically downloads the other two malware families.

It is not yet clear, however, what vehicle delivers the initial malicious file. ClipBanker is a banking trojan and info-stealer, used by cybercrime actors to exfiltrate sensitive information from infected computers. PhoenixMiner, on the other hand, is a cryptominer that mines Ethereum and supports both AMD and nVidia cards.
