Undetected Malware Clipboard Monitoring Script | REPORT

[St14n]

Hi there, 

I want to make you all aware a new kind of malware has arrived and is almost undetected by every antivirus software. 

Malware Fighter in my case detected the .ps1 (Powershell) scripts that this malware left behind in the Windows TEMP folder, but not the malicious task it created in Task Scheduler nor the fake log file hidden as [C:\Windows\logs\system-logs.txt].

The script is encoded with BASE64, which makes it to the normal user almost impossible to identify as malicious. I decoded it and I saw an action was called [Handle_WM_CLIPBOARDUPDATE], I copied this into Google, with only 1 result. And sure enough, malware.

I advise you all to check out https://gist.github.com/infernoboy/cf114fda56ff3706478e0d1e6a1a1b27?permalink_comment_id=4140687#gistcomment-4140687 to read how to delete this malware and how the script looks like (scroll through the thread). It also explains perfectly how the malware works and what it is trying to do, all credits go to @infernoboy on GitHub.

I hope the IObit team as well as other antivirus companies can start monitoring and detecting this.