Efimer Trojan delivered via email and hacked WordPress websites

· Published 08/08/2025 14:04 · Modified 10/08/2025 20:39

Essential information

Published: 08/08/2025 14:04
Modified: 10/08/2025 20:39
Tags: 2025-08-08 brute-force clipbanker cryptocurrency efimer email campaign tor torrent wordpress
Related entities: 16 observables, 2 techniques (mitre), 1 malware, 7 others

Description

The Efimer Trojan is spreading through compromised WordPress sites, malicious torrents, and email campaigns impersonating lawyers. It steals cryptocurrency by replacing wallet addresses in the clipboard and can execute additional malicious scripts. The Trojan communicates with its command-and-control server via the Tor network. It has additional capabilities to brute-force WordPress sites and harvest email addresses for further distribution. The malware primarily targeted users in Brazil, India, Spain, Russia, Italy, and Germany between October 2024 and July 2025, affecting over 5,000 Kaspersky users.

External references