
Topic: [Warning]: Laplas, new clipboard malware (Read 216 times)

legendary
Activity: 1946
Merit: 1157
MAaaN...!! CUT THAT STUPID SHIT
November 15, 2022, 05:54:00 PM
#10

Quote
Fortunately, with the use of Gmail, most emails that are suspicious are moved to the spam folder, and sometimes they automatically delete it, then tell you what email it is in a notification.

Most of it will go straight to the spam folder, but there are several foreign emails that appear offering scam investments and giving bitcoin prizes which actually lead to phishing sites. This requires manual action to move it to the spam folder and delete or block the email sending the spam.

Quote
Regarding the malware, I wonder if it's both Windows and Android phones, same with iOS, because most smartphone OSes are invulnerable to such malware. But regardless, it should be taken seriously, whatever device OS anyone is using.

Windows, Android and iOS are not immune; all have weaknesses, and scammers who make malware have also targeted what devices they want to attack. Usually, Windows users often become victims of some malware that will attack the system as described by the OP, namely Laplas malware, new clipboard malware, and some malware that can infect files so they can be locked. Therefore, to avoid and prevent malware or viruses from infecting you, use an antivirus as initial protection so you don't get infected.
hero member
Activity: 1554
Merit: 880
pxzone.online
November 14, 2022, 05:48:51 PM
#9
Basic email security to avoid malware and other malicious things should be following this.

Quote
If you see emails coming from unknown sources, delete it immediately.

Fortunately, with the use of Gmail, most emails that are suspicious are moved to the spam folder, and sometimes they automatically delete it, then tell you what email it is in a notification.

Regarding the malware, I wonder if it's both Windows and Android phones, same with iOS, because most smartphone OSes are invulnerable to such malware. But regardless, it should be taken seriously, whatever device OS anyone is using.
full member
Activity: 2324
Merit: 175
November 14, 2022, 09:57:22 AM
#8
Quote
The originality of this clipper is really amazing. Users need to be very careful, as the wallet address that Laplas creates is very similar to the address of the victim himself. Therefore, it is not enough to check the first and last few characters of your wallet address, as there is a danger of similarity. I have read that it is possible that the hackers pre-generated several hundred addresses so that the clipper can best mask the wallet input.
And again, of course, because this "gift" works on Windows systems, I wholeheartedly support the call of those who advise stopping trusting this leaky system and switching to Linux systems.

These hackers are getting better. We always check the first and last letter because it's the easiest way to check if you have this kind of malware, but now there's a similarity in our address; many will fall for this if they have this malware. There are many ways to lose in cryptocurrency: you lose on trading, you lose on holding, you lose on storing in an exchange like what happened on FTX, but the worst one is losing your coin to this malware.
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
November 12, 2022, 12:33:16 PM
#7
Quote
And what makes it dangerous is that this Clipboard malware has the capability to use pre or post fix, so

It reminds me of the "EthClipper" malware from last year and for some reason, it doesn't seem to have any kind of support for Taproot [Bech32m] addresses [Figure 12].

Quote
We need to be vigilant all the time and always check the installed software so that we will not possibly get the bad ones which can cause harm to us.

It's best to check for such things "prior to" downloading/installing them!
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
November 10, 2022, 03:11:12 AM
#6
The originality of this clipper is really amazing. Users need to be very careful, as the wallet address that Laplas creates is very similar to the address of the victim himself. Therefore, it is not enough to check the first and last few characters of your wallet address, as there is a danger of similarity. I have read that it is possible that the hackers pre-generated several hundred addresses so that the clipper can best mask the wallet input.
And again, of course, because this "gift" works on Windows systems, I wholeheartedly support the call of those who advise stopping trusting this leaky system and switching to Linux systems.
legendary
Activity: 2212
Merit: 7064
November 09, 2022, 11:24:09 AM
#5
Quote
There is a new clipboard malware dubbed LAPLAS and it targets cryptocurrency users.

This malware is again using wiNd0ws operating system and software like Word that works on the same system, so a simple solution would be to switch to Linux or macOS.
Linux is open source and most malware would not work in a system like this, there would be less or no spying, and there would be no need for using any antiviruses.
All Bitcoin wallets would work just fine on Linux, so I highly recommend trying something like Debian, Fedora or openSUSE.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
November 09, 2022, 10:05:30 AM
#4
I read about it a few days ago, and commented on it on my local board. In a fashion similar to other types of malware, Laplas Clipper can also be hired by other thugs to use it, paying a certain fee for the time they plan on using it.

As suggested, the concept of "new" here doesn’t apply to the malware type itself. I figure it’s more in line with expressing the fact that it’s a new kid on the block (as in "another one"), albeit not unique.

The article depicts that the similar type of address is generated by the malware through a call to a server (GetAddress()), though it does not depict just how close the address can get to be. The software description on figure 3 indicates that the user can choose to match the prefix or postfix of the original address, yet it does not indicate how many characters it can match.

Figure 9 provides an example where the first four characters of the address are matched (not that difficult, since it was a bc1 type address), as well as the last three. Aside from that, nothing looks remotely similar, so it doesn’t seem better than other instances we might have read about.

As marketing tends to do, this case might oversell expectations to the potential customer of the malware software: "It will generate a similar address and the person will not notice the difference!" (they state on figure 3). Obviously another danger lurking around though.
hero member
Activity: 2520
Merit: 783
November 09, 2022, 07:17:26 AM
#3
Quote
Laplas is new clipper malware that generates a wallet address similar to the victim’s wallet address. The victim will not notice the difference in the address, which significantly increases the chances of successful clipper activity.

This is nothing new, because even before such programs had the function of generating a coin address as similar as possible to deceive those who check only the beginning or end of the address. I always check the coin address using the hardware wallet, and for each larger amount I do it several times before I click on the final send button.

Many incidents have happened already about it and most probably many are aware about this type of malware, so we really need to check, if not once, twice or even thrice, the wallet address we use before making the transaction, to avoid any loss from such a horrific creation by rascals.

We need to be vigilant all the time and always check the installed software so that we will not possibly get the bad ones which can cause harm to us.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
November 09, 2022, 06:29:45 AM
#2
Quote
So that is the first red flag, if you see emails coming from unknown sources, delete it immediately.

I think that it is more effective if such an e-mail is reported as spam, which will help possible future potential victims to have such an e-mail redirected to their spam folder, where it will be automatically deleted after some time. Deletion alone achieves nothing except freeing up storage space in case it is limited to a very small amount of data that can be stored on e-mail.



Quote
Laplas is new clipper malware that generates a wallet address similar to the victim’s wallet address. The victim will not notice the difference in the address, which significantly increases the chances of successful clipper activity.

This is nothing new, because even before such programs had the function of generating a coin address as similar as possible to deceive those who check only the beginning or end of the address. I always check the coin address using the hardware wallet, and for each larger amount I do it several times before I click on the final send button.
hero member
Activity: 1414
Merit: 542
November 09, 2022, 05:00:40 AM
#1
There is a new clipboard malware dubbed LAPLAS and it targets cryptocurrency users.

And it is being dropped through what researchers called SmokeLoader, wherein the victims are being distributed through email campaigns vs via malicious documents such as Word/PDF documents. So that is the first red flag, if you see emails coming from unknown sources, delete it immediately.

And the new Laplas clipper:

Quote
Clipper is a family of malicious programs that targets cryptocurrency users. This malware hijacks a cryptocurrency transaction by swapping a victim’s wallet address with the wallet address owned by TAs. When a user tries to make a payment from their cryptocurrency account, it redirects the transaction to TAs account instead of their original recipient. Clipper malware performs this swap by monitoring the clipboard of the victim’s system, where copied data is stored. Whenever the user copies data, the clipper verifies if the clipboard data contains any cryptocurrency wallet addresses. If found, the malware replaces it with the TAs wallet address, resulting in the victim’s financial loss.

Laplas is new clipper malware that generates a wallet address similar to the victim’s wallet address. The victim will not notice the difference in the address, which significantly increases the chances of successful clipper activity.

and the target cryptos are:



And what makes it dangerous is that this Clipboard malware has the capability to use pre or post fix, so it's really hard for us if we are not going to double or triple check the address that we are going to send our cryptos.

https://blog.cyble.com/2022/11/02/new-laplas-clipper-distributed-by-smokeloader/
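
Added example, not from the Cyble article or any poster in this thread: a short Python check showing why comparing only the first and last few characters (the four-and-three match discussed for Figure 9) passes a lookalike address while a full comparison does not. The addresses are constructed placeholders, and the function names and the `head`/`tail` defaults are assumptions made for illustration.

```python
import os

# Constructed sample strings shaped like bc1 addresses; not real wallets.
EXPECTED = "bc1q" + "x" * 35 + "9z7"    # what the user copied
LOOKALIKE = "bc1q" + "y" * 35 + "9z7"   # same first 4 and last 3 characters
UNRELATED = "bc1q" + "y" * 35 + "4ma"   # same type, different ending


def shared_affixes(a, b):
    """Return (common prefix length, common suffix length), non-overlapping."""
    prefix = len(os.path.commonprefix([a, b]))
    # Measure the suffix on what is left after the prefix, reversed.
    rest_a, rest_b = a[prefix:][::-1], b[prefix:][::-1]
    suffix = len(os.path.commonprefix([rest_a, rest_b]))
    return prefix, suffix


def eyeball_check(expected, pasted, head=4, tail=3):
    """The partial check: only the first `head` and last `tail` characters."""
    return expected[:head] == pasted[:head] and expected[-tail:] == pasted[-tail:]


def verify_paste(expected, pasted, head=4, tail=3):
    """Compare the full strings and explain any difference.

    verdict: 'match'     - identical, safe to proceed
             'lookalike' - differs, yet the partial check would have passed
             'mismatch'  - differs and even the partial check catches it
    """
    expected, pasted = expected.strip(), pasted.strip()
    prefix, suffix = shared_affixes(expected, pasted)
    if expected == pasted:
        verdict = "match"
    elif eyeball_check(expected, pasted, head, tail):
        verdict = "lookalike"
    else:
        verdict = "mismatch"
    return {"verdict": verdict, "shared_prefix": prefix, "shared_suffix": suffix,
            "first_difference": None if verdict == "match" else prefix}


if __name__ == "__main__":
    for label, pasted in [("same", EXPECTED), ("lookalike", LOOKALIKE),
                          ("unrelated", UNRELATED)]:
        print(label, verify_paste(EXPECTED, pasted))
```

The `expected` value should come from a source the clipboard cannot alter, such as the address shown on a hardware wallet screen or a saved address book entry.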