This sneaky hijack malware replaces your crypto addresses with lookalikes
Be careful what you're pasting when sending crypto
A brand new clipper malware has been found taking the theft of cryptocurrency to a whole new level, researchers have claimed.
Clippers are a well-known security threat: malware variants that monitor the clipboard of a Windows-powered endpoint and, when they see that a user has copied a cryptocurrency wallet address to the clipboard, replace it with an address belonging to the attacker. That way, when the victim sends their funds, they’re actually sending them to a wallet belonging to the attackers.
But the attack is quite easy to spot, especially for more security-aware users (which crypto users generally are) - all it takes is to cross-reference a couple of characters between the copied address and the pasted one, to see if they match. Usually, users would check the last few characters.
Generating countless addresses?
That’s exactly the safety measure the new Laplas Clipper is looking to eliminate, and it does so by generating addresses that are seemingly identical to the authentic ones.
Exactly how Laplas does this is not yet clear, researchers from Cyble said, as the process takes place on the attacker's server, and crypto addresses are sometimes a string of more than 40 characters.
One potential answer is that the malware operators generated countless addresses in advance, and the tool simply picks the one that most closely resembles the authentic address at the time of the swap.
When BleepingComputer put the clipper to the test, the results were mixed. While Bitcoin addresses matched the first and the last few characters, Ethereum addresses were not even close. In general, the clipper hunts for addresses of these cryptocurrencies: Bitcoin, Ethereum, Bitcoin Cash, Litecoin, Dogecoin, Monero, Ripple, ZCash, Dash, Ronin, and Tron, as well as Steam Trade URLs.
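The spot check described above, and why it is not enough against a lookalike address, shown as an added example that is not from the original article, Cyble or BleepingComputer: it compares the address the user intended with the one that was pasted and flags the case where checking a few characters at either end would pass although the full strings differ. The sample addresses are constructed placeholders, and the four-character window and all function names are assumptions.

```python
from dataclasses import dataclass

SPOT_CHECK = 4  # characters a user eyeballs at each end (assumed value)

# Constructed placeholder strings, not real wallet addresses.
INTENDED = "1Abc" + "K" * 26 + "wXyZ"
LOOKALIKE = "1Abc" + "M" * 26 + "wXyZ"   # same ends, different middle
UNRELATED = "3Qrs" + "T" * 26 + "uVpN"   # differs at both ends


@dataclass
class Verdict:
    status: str  # "match", "lookalike" or "different"
    prefix: int  # identical leading characters
    suffix: int  # identical trailing characters


def _common_prefix(a: str, b: str) -> int:
    """Count identical characters from the start of both strings."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def spot_check_passes(intended: str, pasted: str, n: int = SPOT_CHECK) -> bool:
    """The manual habit: compare only the first and last n characters."""
    return intended[:n] == pasted[:n] and intended[-n:] == pasted[-n:]


def compare(intended: str, pasted: str, n: int = SPOT_CHECK) -> Verdict:
    """Full comparison; 'lookalike' means an end-only check could be fooled."""
    intended, pasted = intended.strip(), pasted.strip()
    if intended == pasted:
        return Verdict("match", len(intended), len(intended))
    prefix = _common_prefix(intended, pasted)
    suffix = _common_prefix(intended[::-1], pasted[::-1])
    status = "lookalike" if prefix >= n or suffix >= n else "different"
    return Verdict(status, prefix, suffix)


if __name__ == "__main__":
    for name, pasted in [("lookalike", LOOKALIKE), ("unrelated", UNRELATED)]:
        print(name, spot_check_passes(INTENDED, pasted), compare(INTENDED, pasted))
```

A wallet front end or clipboard watcher can refuse or warn on any status other than "match"; the "lookalike" status is the swap a visual check of the ends would miss.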
The tool comes in a subscription model, with pricing being $29 for one Sunday, $59 for a month, $159 for three months, $299 for half a year, and $549 for a full year.
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.