Security researchers have identified a new Linux malware strain called ClipXDaemon, a stealthy threat designed to target cryptocurrency users by manipulating copied wallet addresses.  

Cyble’s Research & Intelligence Labs (CRIL) found the malware delivered through a loader structure previously associated with ShadowHS activity. Despite that structural overlap, researchers say there is no evidence that ClipXDaemon and ShadowHS share the same operators or malware authors. 

Instead, both threats appear to rely on bincrypter, an open-source shell-script encryption framework hosted on GitHub.   ClipXDaemon: A Cryptocurrency-Focused Linux Threat 

Unlike traditional Linux malware that depe...