Linux Malware

Security researchers at Cyble have discovered a new Linux malware called ClipXDaemon, which hijacks cryptocurrency wallet addresses by altering clipboard content on X11-based systems. The malware operates without command-and-control servers, monitoring and replacing addresses in real time to redirect funds to attackers. It uses a multi-stage infection process and employs stealth techniques to evade detection.