Threat actors used the Laplas Clipper to target crypto users

November 14, 2022

Threat actors have added the Laplas Clipper to their sophisticated attacks to deceive and target cryptocurrency users. According to researchers, the Laplas Clipper is a newly discovered, feature-packed clipboard stealer that gives a threat actor more control over, and knowledge of, the targeted environment.

 

The Laplas Clipper could execute sophisticated methods for its user.

 

Based on reports, the Laplas Clipper could monitor the victim’s clipboard activity and replace a copied wallet address with a nearly identical one during a transaction. Hence, the clipper could redirect the transaction to the attacker-controlled wallet address without raising suspicion.
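A defensive check for the substitution described above, as an added example that is not part of the original report: it compares the address a user copied with the one about to be submitted and flags a replacement that shares leading or trailing characters. The function names, the `min_shared` threshold and the sample addresses are assumptions constructed for illustration.

```python
import re

# Address shapes (format only, no checksum check) and the length of the fixed
# prefix every address of that type shares, which must not count as similarity.
SHAPES = {
    "ethereum": (re.compile(r"0x[0-9a-fA-F]{40}"), 2),
    "bitcoin-legacy": (re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"), 1),
    "bitcoin-bech32": (re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"), 4),
}

def address_kind(text):
    """Return the address type whose shape `text` matches, or None."""
    for kind, (shape, _) in SHAPES.items():
        if shape.fullmatch(text.strip()):
            return kind
    return None

def shared_affixes(a, b):
    """Count matching characters at the start and at the end of a and b."""
    limit = min(len(a), len(b))
    prefix = 0
    while prefix < limit and a[prefix] == b[prefix]:
        prefix += 1
    suffix = 0
    while suffix < limit - prefix and a[-1 - suffix] == b[-1 - suffix]:
        suffix += 1
    return prefix, suffix

def check_paste(copied, pasted, min_shared=4):
    """Classify the pasted value against the address the user copied.
    Returns 'not-an-address', 'match', 'lookalike-swap' or 'swap'."""
    copied, pasted = copied.strip(), pasted.strip()
    kind = address_kind(copied)
    if kind is None:
        return "not-an-address"
    if copied == pasted:
        return "match"
    if address_kind(pasted) != kind:
        return "swap"
    prefix, suffix = shared_affixes(copied, pasted)
    prefix = max(0, prefix - SHAPES[kind][1])  # ignore the type's fixed prefix
    return "lookalike-swap" if prefix + suffix >= min_shared else "swap"

# Constructed sample values (not real wallets).
COPIED = "0xab12" + "0" * 32 + "cd34"
LOOKALIKE = "0xab12" + "f" * 32 + "cd34"
UNRELATED = "0x" + "9" * 40
```

Any result other than `match` means the destination changed between copy and paste; `lookalike-swap` is the case where checking only the first and last few characters by eye would not catch it.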

Analysts have also noted that the process occurs on the threat actor’s server, and have speculated about how the attackers identify and generate a cloned address in such a brief period.

The researchers believe that the threat actors either use regular expressions or have pre-generated multiple addresses before their attacks, which increases the possibility that the actors already have a list of targets.

The Laplas actors claimed they could generate an address closely resembling the original input in as little as five seconds. Subsequently, the operators add the created addresses to the web panel for more than two days, together with the balance that the hackers hold.

Furthermore, the attackers enable their targets to use Telegram accounts to store the access keys and show alerts regarding any of the clipper’s actions on the infected host.

Currently, the newly discovered stealer supports wallet address generation for various cryptocurrencies such as Ethereum, Dogecoin, Cosmos, Qtum, Zcash, Litecoin, Monero, Ripple, Bitcoin, and Bitcoin Cash.

The Laplas Clipper operators advertise the subscription for their stealer on darknet forums with additional details. Researchers noted that the highest price for this payload reaches nearly $550 for annual usage.

For propagation, SmokeLoader is the primary loader, downloading and loading different malware strains such as Raccoon Stealer 2.0, Laplas, and SystemBC RAT.

The Laplas Clipper has attracted many cybercrime communities because it offers a prominent level of consistency and sophistication. Cybersecurity experts are warning crypto users about this new threat, as many cybercriminal operations have expressed their support for Laplas.
