BankerClip (also known as BankerClip) is a banking trojan active since 2018. Clipboard-hijacking banking malware. Key characteristics include: clipboard monitoring, crypto address swapping, banking credential theft.
Overview & Background
Clipboard-hijacking banking malware. First identified in 2018, this threat is attributed to eCrime / LATAM.
Threat Assessment
BankerClip remains an active threat. Organizations should implement detection rules and monitor for indicators associated with this banking trojan.
- Category: Banking Trojan
- Active since: 2018
- Attribution: eCrime / LATAM
- Also known as: BankerClip
Technical Analysis
BankerClip employs the following capabilities and techniques:
- Clipboard Monitoring: Core functionality
- Crypto Address Swapping: Core functionality
- Banking Credential Theft: Core functionality
MITRE ATT&CK Mapping
| Tactic | Technique | Usage |
|---|---|---|
| Initial Access | T1566.001 Phishing Attachment | Common delivery vector |
| Execution | T1204.002 Malicious File | User-triggered execution |
| Persistence | T1547.001 Registry Run Keys | Autostart persistence |
| Defense Evasion | T1027 Obfuscated Files | Payload obfuscation |
| C2 | T1071.001 Web Protocols | HTTP/HTTPS C2 |
Detection & Defense
- Endpoint detection: Deploy behavioral detection rules for BankerClip indicators
- Network monitoring: Monitor for C2 traffic patterns and anomalous connections
- Threat intelligence: Track BankerClip IOCs and campaign updates
- Security awareness: Train users to recognize phishing and social engineering
- Patch management: Keep systems updated to prevent exploitation
Defend Against BankerClip
Mjolnir Security provides detection and response capabilities against BankerClip and similar threats.
Threat DetectionIncident ResponseThreat HuntingMDR ServicesThreat Intelligence
- Proactive Threat Hunting Hunt for BankerClip indicators and TTPs within your environment.
- Threat Intelligence Monitor BankerClip campaigns and infrastructure changes.
- 24/7 Incident Response Rapid containment and forensic investigation. Call +1 833 403 5875.
Written by: Mjolnir Security | Published: September 9, 2025
Stay ahead of emerging threats. Get notified when we publish new intelligence reports and advisories.
Subscribe to Alerts