
New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader

by crpt os


Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader.

SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like SystemBC and Raccoon Stealer 2.0, according to an analysis from Cyble.

Observed in the wild since circa 2013, SmokeLoader functions as a generic loader capable of distributing additional payloads onto compromised systems, such as information-stealing malware and other implants. In July 2022, it was found to deploy a backdoor called Amadey.

Cyble said it has discovered over 180 samples of Laplas since October 24, 2022, suggesting a wide deployment.

Laplas Clipper Malware

Clippers, also called ClipBankers, fall under a category of malware that Microsoft calls cryware. They are designed to steal crypto by keeping close tabs on a victim’s clipboard activity and swapping the original wallet address, if present, with an attacker-controlled address.


The goal of clipper malware like Laplas is to redirect a virtual currency transaction intended for a legitimate recipient to a wallet owned by the threat actor.

“Laplas is new clipper malware that generates a wallet address similar to the victim’s wallet address,” the researchers pointed out. “The victim will not notice the difference in the address, which significantly increases the chances of successful clipper activity.”
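A defender-side check for the swap described above, as an added example that is not from Cyble's analysis or the original article: compare the copied address with the one about to be submitted in full, and flag values that only share leading or trailing characters. The address strings and the marker list are constructed for illustration and are not real wallets.

```python
import os

# Leading markers shared by every address of a given type, so they carry no
# signal when judging similarity. Short constructed list, not exhaustive.
MARKERS = ("0x", "bc1q", "bc1p", "1", "3")
# Hex (0x...) and bech32 (bc1...) addresses compare case-insensitively;
# Base58 addresses are case-sensitive and are left untouched.
CASE_INSENSITIVE = ("0x", "bc1")

def normalize(addr: str) -> str:
    """Trim clipboard whitespace and fold case where the format allows it."""
    addr = addr.strip()
    return addr.lower() if addr.lower().startswith(CASE_INSENSITIVE) else addr

def body(addr: str) -> str:
    """Return the address without its leading format marker, if it has one."""
    for marker in MARKERS:
        if addr.startswith(marker):
            return addr[len(marker):]
    return addr

def classify_paste(intended: str, pasted: str, min_shared: int = 3) -> str:
    """Classify the pasted value as 'match', 'lookalike' or 'mismatch'.

    Only 'match' is safe to send. 'lookalike' means the value differs but
    shares at least min_shared characters at the start or end of the body,
    which is the case a glance at the first and last characters would miss.
    """
    a, b = normalize(intended), normalize(pasted)
    if a == b:
        return "match"
    x, y = body(a), body(b)
    prefix = len(os.path.commonprefix([x, y]))
    suffix = len(os.path.commonprefix([x[::-1], y[::-1]]))
    if prefix >= min_shared or suffix >= min_shared:
        return "lookalike"
    return "mismatch"

# Constructed strings shaped like addresses (not valid, not real wallets).
INTENDED = "1Kq9xExampleWalletAddr7mPz3TnW4vUy"
LOOKALIKE = "1Kq9hConstructedSwapAdr8sQz3TnW4vUy"
UNRELATED = "3Jm2constructedOtherAddrXXXXXXXXXab"

if __name__ == "__main__":
    for candidate in (INTENDED, LOOKALIKE, UNRELATED):
        print(candidate, "->", classify_paste(INTENDED, candidate))
```

A substituted address is itself a well-formed address, so format or checksum validation alone does not catch the swap; only the full comparison against the intended value does.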


The newest clipper malware offers support for a variety of wallets like Bitcoin, Ethereum, Bitcoin Cash, Litecoin, Dogecoin, Monero, Ripple, Zcash, Dash, Ronin, TRON, Cardano, Cosmos, Tezos, Qtum, and Steam Trade URL. It’s priced from $59 a month to $549 a year.

It also comes with its own web panel that enables its purchasers to get information about the number of infected computers and the active wallet addresses operated by the adversary, in addition to allowing for adding new wallet addresses.

“SmokeLoader is a well-known, highly configurable, effective malware that TAs [threat actors] are actively renovating,” the researchers concluded.

“It is a modular malware, indicating it can get new execution instructions from [command-and-control] servers and download additional malware for expanded functionality. In this case, the TAs use three different malware families for financial gain and other malicious purposes.”




