Security researchers from Cyble and ASEC have uncovered a new campaign of hackers targeting fellow hackers via clipboard stealers. These stealers are disguised as cracked RATs and malware building tools.

Generally, clipboard stealers are used in monitoring the clipboard content of a victim, identifying cryptocurrency wallet addresses, hijacking financial transactions, and transferring money.

ASEC researchers detected the fake offers on hacking forums such as “Russia black hat.” Hackers are deceived into installing cracked versions of BitRAT and Quasar RAT.

To download the tool, hackers are directed to an Anonfiles page that delivers a RAR archive. This is supposedly a builder for the selected malware.

However, the “crack.exe” file contained in these archives is a ClipBanker installer that copies the malicious binary to the startup folder and executes it on the first reboot.

Cyble researchers found hackers offering a free month of AvD Crypto Stealer on a cybercrime forum. The victims are deceived into downloading an executable named ‘Payload.exe’ which ends up infecting their systems.