The long road to your crypto: ClipBanker and its marathon infection chain

April 9, 2026, 6:06 p.m.

Description

Proxifiers are specialized software designed to tunnel traffic for programs that do not natively support proxy servers. They are a go-to for making sure these apps are functional within secured development environments. By coincidence, Proxifier is also the name of a proprietary proxifier developed by VentoByte, which is distributed under a paid license. If you search for Proxifier (or a proxifier), one of the top results in popular search engines is a link to a GitHub repository. That’s exactly where the source of the primary infection lives.

Tags

Date

  • Created: April 9, 2026, 9:57 a.m.
  • Published: April 9, 2026, 9:57 a.m.
  • Modified: April 9, 2026, 6:06 p.m.

Indicators

  • fdae784b02b22916bf4bac1344b3e8e13f98996e3cd85f2daf171084983247e1

Attack Patterns

  • ClipBanker

Additional Information

  • chiaselinks.com
  • git.parat.swiss
  • paste.kealper.com
  • rlim.com
  • pinhole.rootcode.ru