A simple copy and paste of a RIB may be enough to trigger an invisible but formidable scam. The Iban Clipper, a discreet and sophisticated malware, exploits this trivial habit to divert banking transfers without the knowledge of its victims. Silently, he changed the bank details copied in the clipboard, redirecting money to fraudulent accounts. Behind this process of simple appearance hides a constantly evolving threat, which adapts to new digital practices and now targets both individuals and businesses.
Discreet and effective malware that targets bank transfers
The Iban Clipper is malware designed to monitor and manipulate the contents of a computer's clipboard. Its objective is to automatically modify a RIB or an IBAN copied by the user in order to divert a transfer to a fraudulent account. This method is based on a current habit: the use of copy and paste to avoid entry errors on long and complex numbers.
This malware targets Windows users and works in the background, making its detection particularly difficult according to Lineotec. It acts without slowing down the system and without alerting the victim. According to research by Cyble Research Labs, the authors of these attacks sometimes praise their software on specialized forums, allowing other cybercriminals to launch their own scam campaigns.
The functioning of the Iban Clipper is based on a simple but formidable process. When a user copies a RIB, the software detects the structure of IBAN thanks to an analysis system (REGEX). He immediately replaced him with another, defined in advance with cybercriminals. When validation of the transfer, money is transferred to an account controlled by fraudsters, often based abroad.
Avast cybersecurity experts identified a striking example with the Hackboss malware. This software uses a similar mechanism to divert addresses of cryptocurrencies. It is broadcast via a Telegram canal and automatically replaces the addresses copied by those of the pirates. This method would have made it possible to steal more than $ 560,000 in a few years.
A virus that proliferates and adapts to new targets
Initially used to divert cryptocurrency transactions, this type of malware has been adapted to target traditional bank accounts. This development is explained by the strong adoption of online banking services and the frequent use of copy and paste during transactions.
Cyble researchers discovered that some Iban Clippers are specifically configured to identify European Ibans, especially those in the SEPA zone.
Cybercriminals take advantage of the habits of their victims to intercept and modify these sensitive numbers. Once the malware is installed, the changes are made automatically, without additional intervention.
The installation of these malware is mainly carried out through phishing campaigns. The victims receive emails containing infected links or attachments. By clicking on it, they download a malicious file without realizing it. He moved discreetly and immediately monitors the clipboard. These attacks often go through false hacking software, like those of Hackboss, used to easily trap users.
How to identify and limit the risks linked to the IBAN CLIPPER
The detection of this type of malware is complex because it does not display any visible sign of its activity. However, some indices may alert users. An unusual slowness of the system, unexplained changes in the clipboard or unrecognized transfers may indicate an infection.
Cybersecurity researchers recommend several precautionary measures. Systematic verification of the latest figures from a RIB after copy and paste is essential. In the event of inconsistency, it is preferable to immediately stop the transaction and carry out an in -depth analysis of the system.
The installation of a recognized and regularly updated antivirus is also necessary to locate and block this type of threat. Experts finally recommend to avoid downloading software from unofficial sources and never click on suspicious links received by e-mail or instant messaging.
With an unwavering passion for local news, Christopher leads our editorial team with integrity and dedication. With over 20 years’ experience, he is the backbone of Wouldsayso, ensuring that we stay true to our mission to inform.
