Cryptocurrency users are once again threatened by cyberattacks, this time in the shape of a new clipper malware strain called Laplas, deployed via SmokeLoader.
Researchers claim they have identified more than 180 different samples related to the clipper malware in the last two weeks, suggesting a wide-scale deployment.
SmokeLoader is usually delivered through spear-phishing emails and acts as a channel for other trojans such as Raccoon Stealer. Since its introduction in 2013 it has been used to drop additional payloads onto compromised systems, and from July 2022 it resurfaced as a means of deploying the Amadey backdoor.
What Are Clippers?
Also known as ClipBankers, clippers are a category of malware that Microsoft calls cryware. They steal cryptocurrency by tampering with the victim’s system clipboard and swapping the destination wallet address with one belonging to the attacker.
With Laplas Clipper, the malware generates a wallet address imitating the one owned by the victim, with the ultimate goal of hijacking virtual currency transactions so that the threat actor, rather than the legitimate recipient, receives the payment.
The victim will not notice the difference in the address, which significantly increases the chances of successful clipper activity.
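A defender-side check for the swap described above, as an added example that is not from the original article or from any vendor's tooling: it compares the address the user copied with the one present at paste time and separates look-alike replacements from unrelated ones. The function names, the 6-character threshold and all sample addresses are assumptions constructed for illustration.

```python
from __future__ import annotations
from os.path import commonprefix

# Constructed sample strings shaped like addresses; none is a real wallet.
INTENDED = "bc1qconstructedsampleaddr0000000000wxyz"
LOOKALIKE = "bc1qzzzzzzzzzzzzzzzzzzzzz1111111111wxyz"
UNRELATED = "bc1qyyyyyyyyyyyyyyyyyyyyy2222222222abcd"


def shared_edges(a: str, b: str) -> tuple[int, int]:
    """Return (matching leading chars, matching trailing chars)."""
    prefix = len(commonprefix([a, b]))
    suffix = len(commonprefix([a[::-1], b[::-1]]))
    return prefix, suffix


def classify_paste(copied: str, pasted: str, glance: int = 6) -> str:
    """Compare the copied address with what is in the clipboard at paste time.

    "match"     - identical, nothing changed in between
    "lookalike" - changed, but enough leading/trailing characters agree
                  that a visual spot check of the ends would pass
    "replaced"  - changed, with no meaningful resemblance
    """
    copied, pasted = copied.strip(), pasted.strip()
    if copied == pasted:
        return "match"
    prefix, suffix = shared_edges(copied, pasted)
    # Format prefixes such as "bc1q" or "0x" are shared by unrelated
    # addresses, so the threshold (an assumption) is set above their length.
    if prefix + suffix >= glance:
        return "lookalike"
    return "replaced"


if __name__ == "__main__":
    for label, pasted in [("same", INTENDED), ("similar", LOOKALIKE),
                          ("other", UNRELATED)]:
        print(label, shared_edges(INTENDED, pasted),
              classify_paste(INTENDED, pasted))
```

Anything other than "match" means the clipboard changed between copy and paste; "lookalike" is the case where checking only the first and last characters of an address gives false assurance.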
Malware-as-a-Service
Since we are in fact talking about MaaS, Laplas Clipper comes with a price list attached, as follows:
- $29 / 1 Sunday
- $59 / 1 month
- $159 / 3 months
- $299 / 6 months
- $549 / 1 year
Further, as The Hacker News points out, it offers support for a variety of wallets like Bitcoin, Ethereum, Bitcoin Cash, Litecoin, Dogecoin, Monero, Ripple, and others. It also has its own web panel that lets purchasers see the exact number of active wallet addresses being operated and add new ones.