Check Point Research uncovered a threat actor using fake reputation tactics across news sites, GitHub, SourceForge, YouTube, VirusTotal, and a WordPress phishing hub to promote malicious warez. The campaign delivers a Rust-based cryptocurrency clipboard hijacker hidden in Solana and Pump.fun sniper bots and crash-game predictors, targeting Windows and macOS users seeking quick profits. #CheckPointResearch #VirusTotal #GitHub #SourceForge #Solana #Pumpfun
Keypoints
- A threat actor used paid and promoted posts on legitimate news websites to advertise warez.
- The campaign relied on a WordPress phishing page, fake GitHub accounts, SourceForge projects, and a YouTube channel.
- Ghost Networks were used on VirusTotal to make malicious files appear safe.
- The malware is a Rust-based clipboard hijacker that targets cryptocurrency wallet addresses on Windows and macOS.
- The actor inflated trust with fake downloads, reviews, comments, and press-release promotion through EIN Presswire.
Read More: https://thehackernews.com/2026/06/crypto-clipper-campaign-abuses-fake.html