"New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader"

A new clipper malware strain called Laplas, distributed through another malware known as SmokeLoader, is targeting cryptocurrency users. According to a Cyble analysis, SmokeLoader, which is delivered via weaponized documents sent in spear-phishing emails, also acts as a conduit for other commodity Trojans such as SystemBC and Raccoon Stealer 2.0. SmokeLoader, seen in the wild since around 2013, functions as a generic loader capable of distributing additional payloads onto compromised systems, such as information-stealing malware and other implants. In July 2022, it was discovered deploying a backdoor known as Amadey. Since October 24, 2022, Cyble has discovered over 180 Laplas samples, indicating a widespread deployment. Clippers, also known as ClipBankers, are a type of malware classified by Microsoft as cryware. They are designed to steal cryptocurrency by monitoring a victim's clipboard activity and replacing the original wallet address, if present, with an attacker-controlled address. The goal of clipper malware such as Laplas is to redirect a virtual currency transaction intended for a legitimate recipient to the threat actor's account. According to the researchers, Laplas is a new clipper malware that generates a wallet address that is similar to the victim's wallet address. The victim will not notice the difference in the address, increasing the likelihood of successful clipper activity. The new clipper malware includes wallet support for Bitcoin, Ethereum, Bitcoin Cash, Litecoin, Dogecoin, Monero, Ripple, Zcash, Dash, Ronin, TRON, Cardano, Cosmos, Tezos, Qtum, and Steam Trade URL. The malware ranges in price from $59 per month to $549 per year. It also includes its own web panel, which allows purchasers to obtain information about the number of infected computers and active wallet addresses operated by the adversary, as well as add new wallet addresses. This article continues to discuss the new Laplas clipper malware strain.
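Because the substituted address is made to resemble the original, a check at paste time has to compare the whole string rather than its first and last characters. The following is an added example, not code from Cyble or the article: a defender-side check that compares the address a user copied with the one about to be submitted. The function names, the simplified patterns, the `min_edge` threshold, and the reading of "similar" as shared leading or trailing characters are assumptions, and the addresses are constructed.

```python
import re
from os.path import commonprefix

# Simplified format patterns for three of the coins the article lists
# (assumption: shape checks only, no checksum validation).
PATTERNS = {
    "bitcoin": re.compile(r"^(bc1[ac-hj-np-z02-9]{11,71}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "tron": re.compile(r"^T[a-km-zA-HJ-NP-Z1-9]{33}$"),
}
HEADER = re.compile(r"^(0x|bc1|[13T])")  # fixed lead-in every address of a type shares

# Constructed sample values, not real wallets.
COPIED = "0x52a1" + "b" * 32 + "9c4e"
LOOKALIKE = "0x52a1" + "7" * 32 + "9c4e"
UNRELATED = "0x" + "d" * 40

def classify(text):
    """Return the coin whose address format `text` matches, else None."""
    text = text.strip()
    for coin, pattern in PATTERNS.items():
        if pattern.match(text):
            return coin
    return None

def shared_edges(a, b):
    """Count matching leading and trailing characters after the fixed header."""
    a, b = HEADER.sub("", a), HEADER.sub("", b)
    prefix = len(commonprefix([a, b]))
    suffix = len(commonprefix([a[::-1], b[::-1]]))
    return prefix, suffix

def check_paste(copied, pasted, min_edge=3):
    """Compare the copied address with the value about to be submitted."""
    copied, pasted = copied.strip(), pasted.strip()
    coin = classify(copied)
    if coin is None:
        return "not_address"      # nothing wallet-like was copied
    if coin == "ethereum":        # hex addresses compare case-insensitively
        copied, pasted = copied.lower(), pasted.lower()
    if copied == pasted:
        return "match"
    if classify(pasted) != coin:
        return "changed"          # clipboard now holds something else entirely
    prefix, suffix = shared_edges(copied, pasted)
    # Same coin, different address: matching edges point to a deliberate lookalike.
    return "lookalike_swap" if max(prefix, suffix) >= min_edge else "swapped"
```

Either `swapped` or `lookalike_swap` should block the transaction; the second is the stronger indicator of the behaviour attributed to Laplas.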

THN reports "New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader"

Submitted by Anonymous on