A brand new clipper malware has been found taking the theft of cryptocurrency to a whole new level, researchers have claimed.
Clippers are a well-known security threat, as they are malware variants that monitor the clipboard of a Windows-powered endpoint (opens in new tab), and when they see that a user copied a cryptocurrency wallet address to the clipboard, they’ll replace it with an address belonging to the attacker. That way, when the victim sends their funds, they’re actually sending them to a wallet belonging to the attackers.
But the attack is quite easy to spot, especially for more security-aware users (which crypto users generally are) – all it takes is to cross-reference a couple of characters between the copied address and the pasted one, to see if they match. Usually, users would check the last few characters.
Generating countless addresses?
That’s exactly the safety measure the new Laplas Clipper is looking to eliminate, and it does so by generating addresses that are seemingly identical to the authentic ones.
Exactly how Laplas does this is not yet clear, researchers from Cyble said, as the process takes place on the attacker's server, and crypto addresses are sometimes a string of more than 40 characters.
One of the potential answers is that the malware operators generated countless addresses in advance, and the tool just uses the one most closely resembling the authentic one, at the moment.
When BleepingComputer put the clipper to the test, it came out with mixed results. While bitcoin addresses matched the first, and the last few characters, Ethereum addresses were not even close. In general, the clipper hunts for addresses for these cryptocurrencies: Bitcoin, Ethereum, Bitcoin Cash, Litecoin, Dogecoin, Monero, Ripple, ZCash, Dash, Ronin, Tron, and Steam Trade URL.
The tool comes in a subscription model, with pricing being $29 for one Sunday, $59 for a month, $159 for three months, $299 for half a year, and $549 for a full year.
Via: BleepingComputer (opens in new tab)
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba