Efimer Trojan delivered via email and hacked WordPress websites

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

The Efimer Trojan is spreading through compromised WordPress sites, malicious torrents, and email campaigns impersonating lawyers. It steals cryptocurrency by replacing wallet addresses in the clipboard and can execute additional malicious scripts. The Trojan communicates with its command-and-control server via the Tor network. It has additional capabilities to brute-force WordPress sites and harvest email addresses for further distribution. The malware primarily targeted users in Brazil, India, Spain, Russia, Italy, and Germany between October 2024 and July 2025, affecting over 5,000 Kaspersky users.

OPENCTI LABELS:

brute-force, cryptocurrency, tor, wordpress, clipbanker, torrent, efimer, email campaign

