Cryptocurrency users are being targeted with the novel Laplas Clipper clipboard stealer, which is being delivered using Smoke Loader and Raccoon Stealer 2.0, BleepingComputer
Daily active samples of Laplas Clipper, which uses cryptocurrency wallet addresses that spoof those of legitimate wallets, have increased from fewer than 20 to 55 during the past month, a report from Cyble revealed. While typical clipboard stealers activate when they detect a cryptocurrency address being copied as a payment destination and swap it for an address belonging to the attackers, Laplas substitutes an address that is significantly similar to the one the victim copied. This may be possible because the Laplas operators pre-generate a massive number of addresses, which is believed to happen on the attackers' server.
The report also showed that Laplas Clipper enables generation of addresses for Bitcoin, Bitcoin Cash, Algorand, Ethereum, Litecoin, Monero, Dogecoin, Ripple, Ravencoin, Zcash, Tron, Ronin, Dash, Solana, Cardano, Tezos, Qtum, Cosmos, and Steam Trade URLs.
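Because the substituted address resembles the copied one, a glance at the first and last characters no longer catches the swap. The following is an added example, not code from the Cyble report or BleepingComputer: a defender-side check that compares a pasted address with the one the user copied and separates an outright replacement from a lookalike. The thresholds, the prefix list and the sample addresses are assumptions constructed for illustration.

```python
import os

# Assumed list: prefixes shared by every address of a format, so they carry
# no evidence of similarity and are ignored before comparing.
FORMAT_PREFIXES = ("bc1", "ltc1", "0x")
# Assumed threshold: how many characters a user glances at on each end.
EYEBALL_CHARS = 3

# Constructed sample strings (not real wallet addresses).
COPIED = "1A7xKqPmZ3vTnR9cWb5YdLsEh2UgJfN8Mo"
LOOKALIKE = "1A7xKd9QwXr4HtBz6VpCe3GyUaSm5N8Mo"
UNRELATED = "3FzT8bLc2WnQy6RkHs9DvXe4MpGuJa7CtY"
BECH_A = "bc1qw4e8n2tz7k5hs3v9yd6mxa0cfjlgupr2e8t4k7"
BECH_B = "bc1q9xk3m7pd2vh8s5tw6ze4yn0acjfglur3h9w5d2"


def _strip_format_prefix(a, b):
    """Drop a format prefix that both addresses share."""
    for p in FORMAT_PREFIXES:
        if a.startswith(p) and b.startswith(p):
            return a[len(p):], b[len(p):]
    return a, b


def shared_ends(a, b):
    """Return (shared prefix length, shared suffix length)."""
    a, b = _strip_format_prefix(a, b)
    prefix = len(os.path.commonprefix([a, b]))
    suffix = len(os.path.commonprefix([a[::-1], b[::-1]]))
    return prefix, suffix


def classify_paste(copied, pasted):
    """Return 'match', 'lookalike' or 'replaced' for a pasted address."""
    copied, pasted = copied.strip(), pasted.strip()
    if copied == pasted:
        return "match"
    prefix, suffix = shared_ends(copied, pasted)
    # Differs in full but would pass a glance at either end.
    if prefix >= EYEBALL_CHARS or suffix >= EYEBALL_CHARS:
        return "lookalike"
    return "replaced"


if __name__ == "__main__":
    for pasted in (COPIED, LOOKALIKE, UNRELATED):
        print(pasted, classify_paste(COPIED, pasted))
```

Only the `match` verdict is safe to act on; `lookalike` is the case that defeats a visual spot check and needs a full character-by-character comparison against a trusted copy of the address.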