New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader


Threat actors have developed a new approach to deceive cryptocurrency users. They are using Laplas Clipper, a new feature-rich clipboard stealer that allows hackers to gain more control and insights into target environments.

How does it work?

Laplas actively monitors the victim’s clipboard activity and replaces the wallet address with a lookalike wallet address during transactions. It redirects the transaction to the threat actor’s wallet address within a few seconds, without raising any suspicion.

Clippers

Standard clipboard stealers, also called clippers, monitor the Windows clipboard and activate when they detect a cryptocurrency wallet address that users typically copy as the destination for a payment.

When this happens, the clipper replaces that address with one belonging to the cybercriminals, thus diverting the payment to the attacker.

Clippers are a well-known security threat: they are malware variants that monitor the clipboard of a Windows-powered endpoint, and when they see that a user has copied a cryptocurrency wallet address to the clipboard, they replace it with an address belonging to the attacker. That way, when the victim sends their funds, they are actually sending them to a wallet belonging to the attackers.

The clipper supports wallet address generation for a wide range of popular cryptocurrencies such as Bitcoin, Bitcoin Cash, Litecoin, Ethereum, Dogecoin, Monero, Ripple, Cosmos, Qtum, and Zcash.
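The swap behaviour described above can be spotted in a timeline of clipboard snapshots. The following is an added example, not code from the original article: it flags a wallet address that is replaced by a different address of the same family within a few seconds and reports how many leading and trailing characters the two share. The address patterns are simplified, and the 5-second window, the event format, the function names and the sample addresses are all assumptions made for illustration.

```python
import re

# Simplified address shapes (assumptions for this example, not full validators).
ADDRESS_PATTERNS = {
    "bitcoin-legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "bitcoin-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}
SWAP_WINDOW_SECONDS = 5.0  # assumed threshold for "within a few seconds"

def classify(text):
    """Return the address family of a clipboard string, or None."""
    value = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return family
    return None

def shared_edges(a, b):
    """Count matching leading and trailing characters (the lookalike part)."""
    limit = min(len(a), len(b))
    prefix = 0
    while prefix < limit and a[prefix] == b[prefix]:
        prefix += 1
    suffix = 0
    while suffix < limit - prefix and a[-1 - suffix] == b[-1 - suffix]:
        suffix += 1
    return prefix, suffix

def find_swaps(events, window=SWAP_WINDOW_SECONDS):
    """events: (timestamp_seconds, clipboard_text) tuples in time order."""
    findings = []
    for (t0, before), (t1, after) in zip(events, events[1:]):
        family = classify(before)
        if family is None or classify(after) != family:
            continue  # not an address-to-address change of the same kind
        before, after = before.strip(), after.strip()
        if before == after or t1 - t0 > window:
            continue  # unchanged, or slow enough to be a deliberate new copy
        prefix, suffix = shared_edges(before, after)
        findings.append({"time": t1, "family": family, "copied": before,
                         "replaced_by": after, "shared_prefix": prefix,
                         "shared_suffix": suffix})
    return findings

# Constructed sample data: these are not real wallet addresses.
ETH_COPIED = "0x52a1" + "1" * 32 + "9c3f"
ETH_SWAPPED = "0x52a1" + "e" * 32 + "9c3f"
SAMPLE_EVENTS = [(0.0, "meeting notes"), (10.0, ETH_COPIED), (11.2, ETH_SWAPPED),
                 (60.0, "1" + "B" * 30), (200.0, "1" + "C" * 30)]
if __name__ == "__main__": print(find_swaps(SAMPLE_EVENTS))
```

Only the Ethereum pair is reported: the two Bitcoin-style entries differ, but they are 140 seconds apart, which is consistent with the user copying a second address.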

Indicators Of Compromise (IOCs)



About the Author:

FirstHackersNews - Identifies Security
