Threat actors have developed a new approach to deceive cryptocurrency users. They are using Laplas Clipper, a new feature-rich clipboard stealer that allows hackers to gain more control and insights into target environments.
How does it work?
Laplas actively monitors the victim’s clipboard activity and replaces a copied wallet address with a lookalike wallet address during transactions. It redirects the transaction to the threat actor’s wallet address within a few seconds, without arousing any suspicion.
Standard clipboard stealers, also called clippers, monitor the Windows clipboard and activate when they detect a cryptocurrency wallet address that users typically copy as the destination for a payment.
When this happens, the clipper replaces that address with one belonging to the cybercriminals, thus diverting the payment to the attacker.
Clippers are a well-known security threat, as they are malware variants that monitor the clipboard of a Windows-powered endpoint, and when they see that a user copied a cryptocurrency wallet address to the clipboard, they’ll replace it with an address belonging to the attacker. That way, when the victim sends their funds, they’re actually sending them to a wallet belonging to the attackers.
The clipper supports wallet address generation for a wide range of popular cryptocurrencies such as Bitcoin, Bitcoin Cash, Litecoin, Ethereum, Dogecoin, Monero, Ripple, Cosmos, Qtum, and Zcash.
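A defensive check for the substitution described above, added here as an example that is not part of the original article: it compares the address a user copied with the value present at paste time and flags a same-coin swap. The address patterns are simplified shape checks for three of the listed coins, the reading of "lookalike" as matching leading or trailing characters and the 3-character threshold are assumptions, and all function names are hypothetical.

```python
import re

# Simplified shape patterns (assumption: format only, no checksum validation).
B58 = "[1-9A-HJ-NP-Za-km-z]"
PATTERNS = {
    "bitcoin": re.compile(rf"^(?:[13]{B58}{{25,34}}|bc1[ac-hj-np-z02-9]{{11,71}})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "litecoin": re.compile(rf"^(?:[LM]{B58}{{26,33}}|ltc1[ac-hj-np-z02-9]{{11,71}})$"),
}
# Fixed format headers carry no identity, so they are ignored when comparing.
HEADER = re.compile(r"^(?:0x|bc1[qp]?|ltc1q?|[13LM])")
EDGE_THRESHOLD = 3  # assumption: this many matching edge characters is suspicious


def classify(text):
    """Return the coin name if text has the shape of a wallet address, else None."""
    s = text.strip()
    return next((coin for coin, pat in PATTERNS.items() if pat.match(s)), None)


def shared_edges(a, b):
    """Count matching leading and trailing characters without double counting."""
    n = min(len(a), len(b))
    prefix = next((i for i in range(n) if a[i] != b[i]), n)
    rest = n - prefix
    suffix = next((i for i in range(rest) if a[-1 - i] != b[-1 - i]), rest)
    return prefix, suffix


def check_paste(copied, pasted):
    """Compare the copied value with the value that arrived at paste time."""
    copied, pasted = copied.strip(), pasted.strip()
    coin = classify(copied)
    if coin is None:
        return "not-an-address"
    if copied == pasted:
        return "ok"
    if classify(pasted) != coin:
        return "changed"  # clipboard changed, but not to an address of the same coin
    # Same coin, different address: the pattern a clipper produces.
    prefix, suffix = shared_edges(HEADER.sub("", copied), HEADER.sub("", pasted))
    return "swapped-lookalike" if prefix + suffix >= EDGE_THRESHOLD else "swapped"
```

Any result other than "ok" for a value that started as an address is a reason to stop the payment and compare the full destination address character by character.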
Indicators Of Compromise (IOCs)