New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader

Home/Compromised, Internet Security, malicious cyber actors, Malware, Security Advisory, Security Update/New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader

New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader

Threat actors have developed a new approach to deceive cryptocurrency users. They are using Laplas Clipper, a new feature-rich clipboard stealer that allows hackers to gain more control and insights into target environments.

How does it work?

Laplas actively monitors the victim’s clipboard activity and replaces the wallet address with a lookalike wallet address during the transactions. It redirects the transaction to the threat actor’s wallet address within a few seconds, without generating any suspicion


Standard clipboard stealers, also called clippers, monitor the Windows clipboard and activate when they detect a cryptocurrency wallet address that users typically copy as the destination for a payment.

When this happens, the clipper changes that address with one belonging to the cybercriminals, thus diverting the payment to the attacker.

Clippers are a well-known security threat, as they are malware variants that monitor the clipboard of a Windows-powered endpoint(opens in new tab), and when they see that a user copied a cryptocurrency wallet address to the clipboard, they’ll replace it with an address belonging to the attacker. That way, when the victim sends their funds, they’re actually sending them to a wallet belonging to the attackers.

The clipper supports wallet address generation for a wide range of popular cryptocurrencies such as Bitcoin, Bitcoin Cash, Litecoin, Ethereum, Dogecoin, Monero, Ripple, Cosmos, Qtum, and Zcash.

Indicators Of Compromise (IOCs)

ef0692e35a6d55aff3814ebe4e40fc231a24873e 19b7183a3eed215c98ce35ac4168917345ef97c104b0c5a7ea43919f094a3bc3
825a7c6d1b4adfe2b1cc7b29199f5033 1edcdc6899fe0aad0b953dee9f3660da0e052699
ed586dd2973f3126ff07950dacbd484643de06f7 de0eb9f1d712ec2c91fea05e26fb01a019cadcc8beb4ad6d2f4a0b4db2cfbfaf

Follow Us on: Twitter, InstagramFacebook to get the latest security news!

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!