Heimdal
article featured image

Contents:

Cryptocurrency users are once again threatened by cyberattacks, this time in the shape of a new clipper malware strain called Laplas, deployed via SmokeLoader.

Researchers claim they have identified more than 180 different samples related to the clipper malware in the last two weeks, suggesting a wide scale deployment.

Source

SmokeLoader is usually delivered through spear phishing emails, and acts as a channel for other trojans such as Raccoon Stealer for example. Ever since its introduction back in 2013, it was used to drop additional payloads into compromised systems, while starting from July 2022 it resurfaced as a means to deploy the Amadey backdoor.

What Are Clippers?

Also known as ClipBankers, clippers are a category of malware that Microsoft calls cryware, which steals cryptocurrencies by making changes to the victim’s system clipboard activity and swapping the destination wallet with one belonging to the attacker.

With Laplas Clipper, the malware generates a wallet address imitating the one owned by the victim, with the ultimate the goal of hijacking virtual currency transactions, so that instead of the legitimate recipient, the threat actor receives the payment.

The victim will not notice the difference in the address, which significantly increases the chances of successful clipper activity.

Source

Malware-as-a-Service

Since we are in fact talking about MaaS, Laplas Clipper comes with a price list attached, as follows:

  • $29 / 1 Sunday
  • $59 / 1 month
  • $159 / 3 months
  • $299 / 6 months
  • $549 / 1 year

Further, as The Hacker News points out, it offers support for a variety of wallets like Bitcoin, Ethereum, Bitcoin Cash, Litecoin, Dogecoin, Monero Ripple, and others. It also has its own web panel enabling purchasers to get information about the exact number of active wallet addresses being operated, in addition to allowing for adding new ones.

If you liked this article, follow us on LinkedInTwitterFacebookYouTube, and Instagram for more cybersecurity news and topics.

Author Profile

Mihaela Popa

COMMUNICATIONS & PR OFFICER

Mihaela is a digital content creator for Heimdal® and the proud owner of an old soul and a curious mind. Passionate to learn and discover more about cybersecurity, she will gladly share her latest finds with you.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE