Cybercriminals Use Fake News Ads and AI to Spread Crypto Clipper Malware

An unidentified threat actor has been observed using paid or promoted posts on legitimate news websites to generate interest in their malicious software, as reported by Check Point Research. The campaign involves a central WordPress phishing page, alongside GitHub and SourceForge projects promoted via fake accounts, as well as a YouTube channel. The attack leverages fake reviews, AI-generated narrators, and comments on VirusTotal to distribute a crypto clipper malware. No specific dates, victim counts, or technical indicators (e.g., hashes, CVE IDs) were disclosed in the available content. The primary impact involves the theft of cryptocurrency by manipulating clipboard data.