Cyble’s security team released a report in early November on a previously unobserved malware module called Laplas Clipper. This malware belongs to the family of so-called ‘clipboard stealers’, which steal and manipulate data that the operating system stores in the clipboard. It mainly targets users who use cryptocurrency wallets on their computers, and its main task is to perform ‘background’ (almost real-time) substitution of the cryptocurrency wallet address to which the user (victim) is transferring funds with an address belonging to cybercriminals.
What distinguishes the described tool from similar ones is the way it swaps wallet addresses. The creators of Laplas Clipper have designed their malware so that the substituted wallet address resembles the original as closely as possible, making it difficult even for careful and observant users to recognize the scam they are about to fall victim to. For example, the BTC address that replaces the correct one uses the same first and last few characters.
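A defender-side check for the substitution described above, as an added example that is not taken from Cyble's report: it compares the address a user copied with the one about to be submitted and flags the case where the two differ but share their edge characters. The function names, the Bitcoin-only prefix list, the `min_edge` threshold and the sample strings are assumptions made for illustration.

```python
from os.path import commonprefix

# Assumption: Bitcoin only. These leading characters mark the address type and
# are shared by every address of that type, so they say nothing about similarity.
TYPE_PREFIXES = ("bc1q", "bc1p", "1", "3")

def strip_type_prefix(addr):
    """Drop the address-type marker so it is not counted as a shared edge."""
    for p in TYPE_PREFIXES:
        if addr.startswith(p):
            return addr[len(p):]
    return addr

def shared_edges(a, b):
    """Count the characters a and b share at the start and at the end."""
    prefix = len(commonprefix([a, b]))
    suffix = len(commonprefix([a[::-1], b[::-1]]))
    # Do not let the suffix count reuse characters already counted as prefix.
    return prefix, min(suffix, min(len(a), len(b)) - prefix)

def classify_paste(copied, pasted, min_edge=3):
    """Return (verdict, prefix_len, suffix_len) for a copied/pasted address pair.

    'match'     - identical, nothing was swapped
    'lookalike' - different, but an edge agrees for at least min_edge characters,
                  so a user who checks only the first or last few would miss it
    'mismatch'  - different and visibly so
    """
    copied, pasted = copied.strip(), pasted.strip()
    if copied == pasted:
        return ("match", 0, 0)
    prefix, suffix = shared_edges(strip_type_prefix(copied),
                                  strip_type_prefix(pasted))
    verdict = "lookalike" if max(prefix, suffix) >= min_edge else "mismatch"
    return (verdict, prefix, suffix)

# Constructed strings shaped like addresses; they are not real wallets.
COPIED = "1Kx7" + "A" * 25 + "9Qz4"
SWAPPED = "1Kx7" + "B" * 25 + "9Qz4"   # same edges, different middle
OTHER = "3Mnp" + "C" * 25 + "w2Rt"     # unrelated address

if __name__ == "__main__":
    for label, pasted in (("same", COPIED), ("swapped", SWAPPED), ("other", OTHER)):
        print(label, classify_paste(COPIED, pasted))
```

Any verdict other than `match` should stop the transfer; `lookalike` additionally points to deliberate substitution rather than a stray copy, which makes it worth an alert on the host.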
Like any malware these days, it is distributed on a subscription model, with the most expensive variant of Laplas Clipper costing $549 for a year, offering, among other things, a user-friendly web-based administration interface and Telegram notifications of malware activity on compromised hosts.
New Laplas Clipper Distributed via SmokeLoader
New clipboard hijacker replaces crypto wallet addresses with lookalikes