A sophisticated cryptocurrency clipper malware campaign has been compromising Windows systems since February 2026. Unlike traditional stealers that rely on standard IP-based command-and-control (C2) servers, this malware uses a portable Tor client and a local SOCKS5 proxy. This turns a financially motivated data stealer into a lightweight, remote backdoor capable of bypassing conventional network defenses. […]
The post Hackers Use Tor-Routed C2 and Local SOCKS5 Proxy to Control Crypto Clipper Malware appeared first on Cyber Security News.