Check Point Research has discovered Twizt, a new variant of the Phorpiex botnet. It uses a unique method to steal cryptocurrency from its victims.
Twizt uses a technique called "crypto-clipping," in which malware is used to automatically replace the address of the intended wallet with the address of the criminal, so funds are transferred to the criminal unnoticed.
In a year from November 2020 to November 2021, the Phorpiex bot hijacked 969 cryptocurrency transactions, that is 3.64 Bitcoins, 55.87 Ethereums, and $55,000 ERC20 tokens.