The Clampi virus (klæmpʹee vīʹrəs) is a man-in-the-browser Trojan that hides in your system, stealing login credentials and specifically targeting banking and financial information. First seen in the mid-2000s, this Trojan is often hidden in trusted websites. It became a serious threat in 2009 and is still found hiding deep in computer systems today. The Trojan specifically targets Microsoft operating systems.

How the Clampi Virus Works

Once downloaded onto your computer, Clampi (also known as Ligats and Ilomo) lies in wait for you to sign in to make a financial transaction, such as accessing online banking or entering credit card information for an online purchase. The virus is sophisticated enough to hide behind firewalls and go undetected for long periods of time. The cybercriminals communicate with the malware through command-and-control (C2) servers using an open back channel.

As soon as you enter your username and password, Clampi records that information and sends it to the cybercriminals who control the virus. Once those credentials and numbers are in hackers' hands, they can do whatever they want with them. They have direct access to your bank account and can use your financial information for identity theft or sell it on the black market.

Because the hackers have total command over the virus once it's embedded in your operating system, they can act at will. One tactic is to slowly drain a bank account, taking out small amounts of cash at a time in hopes the owner might not notice the missing money for months. Hackers have also created fake invoices and fake employees in payroll systems.

Clampi's Rebirth

Like many banking Trojans, Clampi has shifted its behavior and tactics over time. Today, it takes control of browser settings without your knowledge or consent, causing the browser to redirect to malicious websites or shut off security settings. If you're suddenly getting a lot of pop-up ads or your browser is behaving oddly, your computer could be infected with the Clampi virus.

The virus spreads through social media sites, email attachments and downloaded media files. It shuts down your firewall's functionality, slows down your computer and internet connection and modifies the registry. Like the original Clampi, it also steals information from you and shares that information with cybercriminals via remote servers.

Another variation of Clampi is used to steal money using scareware as a scam. In this case, Clampi poses as a virus cleaning service and warns you that your system is infected. The site encourages you to purchase and download software to fix your computer. If you follow through, you send a payment and receive malware. The hackers get money, financial information and access to your computer to do more damage. Once initiated, the software continues to generate additional warnings and sets your computer up as an easy target for continued outside attacks.

Prevention

The best way to prevent Clampi from infiltrating your system in any of its variations is to install a reputable security solution and update it regularly. It's also important to install software and operating system patches and upgrades as soon as they are available to avoid potential vulnerabilities.

You should always practice good security hygiene, and that includes not clicking on suspicious links or opening attachments from unknown users. If you receive an alert that your system is infected, run your own system scan using your own antivirus software. Finally, make sure you have a security solution on your computer that can detect intruders before they do damage.

What is the Clampi Virus?

The Clampi virus is a man-in-the-browser Trojan that hides in your system, stealing login credentials for banking and other personal information.