This sneaky hacking malware replaces your crypto addresses with look-alikes

A new clipper malware has been discovered, taking cryptocurrency theft to a whole new level, say researchers.

Clippers are a known security threat: they are malware variants that monitor an endpoint's clipboard on Windows and, when they see that a user has copied a cryptocurrency wallet address, replace it with an address belonging to the attacker. This way, when the victim sends their funds, they are actually sending them to a wallet that belongs to the attackers.

But the attack is quite easy to detect, especially for the most security-conscious users (which crypto users usually are): just compare a few characters of the copied and pasted addresses to see if they match. Users usually check the last characters.

Generate countless addresses?

This is exactly the security measure that the new Laplas Clipper seeks to eliminate, and it does so by generating addresses that appear identical to genuine addresses.

Exactly how Laplas does this is still unclear, Cyble researchers said, because the process takes place on the attacker's server and cryptocurrency addresses are sometimes strings of more than 40 characters.

One possible answer is that the malware operators have generated countless addresses in advance and that, for now, the tool simply uses the one that seems most authentic.

When BleepingComputer put the clipper to the test, the results were mixed. While Bitcoin addresses matched the first and last characters, Ethereum addresses weren't even close. In general, the clipper looks for addresses for these cryptocurrencies: Bitcoin, Ethereum, Bitcoin Cash, Litecoin, Dogecoin, Monero, Ripple, ZCash, Dash, Ronin, Tron, and Steam Trade URLs.
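
Why the last-characters check described above fails against a look-alike address, as an added example that is not from the article or from the researchers it cites: `spot_check` mimics the manual habit, while `classify_paste` compares the whole string. The function names and the sample address strings are constructed for illustration.

```python
# Added example: paste-time address check. The sample addresses are
# constructed placeholders, not real wallets.
from dataclasses import dataclass


def common_prefix(a: str, b: str) -> int:
    """Number of leading characters two strings share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def spot_check(copied: str, pasted: str, n: int = 4) -> bool:
    """The manual habit: compare only the last n characters."""
    return copied[-n:] == pasted[-n:]


@dataclass
class Verdict:
    label: str  # "match", "lookalike" or "replaced"
    head: int   # matching leading characters
    tail: int   # matching trailing characters


def classify_paste(copied: str, pasted: str, n: int = 4) -> Verdict:
    """Full comparison; flags substitutions that would pass the spot check."""
    copied, pasted = copied.strip(), pasted.strip()
    head = common_prefix(copied, pasted)
    tail = common_prefix(copied[::-1], pasted[::-1])
    if copied == pasted:
        return Verdict("match", head, tail)
    # Any difference is a substitution; it is a look-alike when the
    # trailing characters a user would eyeball still agree.
    label = "lookalike" if tail >= n else "replaced"
    return Verdict(label, head, tail)


# Constructed sample strings shaped like 42-character addresses.
COPIED = "bc1q" + "a" * 34 + "x9k2"
LOOKALIKE = "bc1q" + "b" * 34 + "x9k2"  # same first and last four characters
UNRELATED = "bc1q" + "c" * 34 + "m4p7"

if __name__ == "__main__":
    for pasted in (COPIED, LOOKALIKE, UNRELATED):
        print(spot_check(COPIED, pasted), classify_paste(COPIED, pasted))
```

The look-alike passes `spot_check` but is still reported by `classify_paste`, which is why only a full-string comparison is a reliable check.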

The tool is available in a subscription model, priced at €29 for a Sunday, €59 for a month, €159 for three months, €299 for six months, and €549 for a full year.

Via: BleepingComputer