Laplas Clipper - A Feature-Rich Clipper With Sophisticated Tactics

Threat actors have developed a new approach to deceive cryptocurrency users. They are using Laplas Clipper, a new feature-rich clipboard stealer that allows hackers to gain more control and insights into target environments.

How does it work?

Laplas actively monitors the victim’s clipboard activity and replaces a copied wallet address with a lookalike wallet address during transactions. It redirects the transaction to the threat actor's wallet address within a few seconds, without arousing suspicion.
  • Since this process takes place on the attacker's server, it is unknown how Laplas identifies and generates a similar-looking address in such a short time.
  • It is suspected that it either uses regular expressions or that its operators have pre-generated a massive number of addresses, from which it can match and pick accordingly.
  • Laplas operators claim that it can generate an address similar to the original input in as little as one to five seconds. The generated addresses are added to the web panel for three days, along with the balance hackers currently hold.
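
A defender-side check for the substitution described above, as an added example that is not from the original article: a wallet or payment form can compare the address the user copied with the address that arrived in the destination field and flag a swap that keeps the leading and trailing characters. The address patterns are simplified format checks, and the threshold, function names and sample values are assumptions made for this illustration.

```python
import os
import re

# Simplified address shapes (assumption: format check only, no checksum validation).
PATTERNS = {
    "btc_legacy": re.compile(r"^[13](?P<body>[1-9A-HJ-NP-Za-km-z]{25,34})$"),
    "btc_bech32": re.compile(r"^bc1(?P<body>[02-9ac-hj-np-z]{11,71})$", re.I),
    "eth": re.compile(r"^0x(?P<body>[0-9a-fA-F]{40})$"),
}
CASE_INSENSITIVE = {"btc_bech32", "eth"}
LOOKALIKE_MIN_SHARED = 4  # assumed threshold: shared leading + trailing characters


def parse(addr):
    """Return (kind, body) for a recognised address, else None."""
    addr = addr.strip()
    for kind, rx in PATTERNS.items():
        m = rx.match(addr)
        if m:
            body = m.group("body")
            return kind, body.lower() if kind in CASE_INSENSITIVE else body
    return None


def shared_ends(a, b):
    """Count the characters two strings share at the start and at the end."""
    prefix = len(os.path.commonprefix([a, b]))
    suffix = len(os.path.commonprefix([a[::-1], b[::-1]]))
    return prefix, suffix


def classify_paste(copied, pasted):
    """Compare the address the user copied with what arrived in the paste target."""
    src, dst = parse(copied), parse(pasted)
    if src is None or dst is None:
        return "not_address"
    if src == dst:
        return "match"
    prefix, suffix = shared_ends(src[1], dst[1])
    # Same coin, different address, but the ends a user glances at still agree.
    if src[0] == dst[0] and prefix + suffix >= LOOKALIKE_MIN_SHARED:
        return "lookalike_substitution"
    return "different_address"


# Constructed sample values (not real wallets).
COPIED = "0x" + "ab12" + "0" * 32 + "9f3c"
PASTED = "0x" + "ab1" + "7" * 33 + "9f3c"

if __name__ == "__main__":
    print(classify_paste(COPIED, PASTED))
```

Any result other than `match` should block the transaction until the user re-enters the address from a trusted source, since a clipper that fails to produce a lookalike still redirects funds.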

Moreover, the operators allow users to use Telegram accounts to store the access keys and receive real-time alerts about any of the clipper’s actions on the compromised hosts.

Rise of Laplas Clipper

Cyble researchers found that Laplas Clipper infections are increasing in number across the world.
  • More than 180 different samples have been found in a short time span. The number of samples identified in late October increased from fewer than 20 a day to 55.
  • The clipper supports wallet address generation for a wide range of popular cryptocurrencies such as Bitcoin, Bitcoin Cash, Litecoin, Ethereum, Dogecoin, Monero, Ripple, Cosmos, Qtum, and Zcash.

The distribution

  • The clipper operators are advertising a subscription model on darknet forums, with feature details. The most expensive tier is $549 for a year's access to the web-based panel.
  • For distribution, SmokeLoader works as the primary loader, downloading and loading additional malware such as SystemBC RAT, Raccoon Stealer 2.0, and Laplas onto the victim’s system.

Conclusion

Laplas has managed to gain the attention of the cybercrime community due to its high operational efficiency and sophistication. With the support of prominent players such as SmokeLoader and Raccoon Stealer 2.0, it can soon become a key tool for cybercriminals.

Publisher: Cyware