Bitcoin Forum
Author Topic: [Warning]: Laplas, new clipboard malware  (Read 188 times)
Dave1 (OP)
Hero Member
Activity: 1302
Merit: 522
November 09, 2022, 10:00:40 AM
Last edit: November 18, 2023, 01:29:23 AM by Dave1
Merited by DdmrDdmr (3), vapourminer (2), SFR10 (1), dkbit98 (1), Cookdata (1)
 #1

There is a new clipboard malware dubbed LAPLAS and it targets cryptocurrency users.

And it is being dropped through what researchers called SmokeLoader, which is distributed to victims through email campaigns via malicious documents such as Word/PDF documents. So that is the first red flag, if you see emails coming from unknown sources, delete it immediately.

And the new Laplas clipper:

Quote
Clipper is a family of malicious programs that targets cryptocurrency users. This malware hijacks a cryptocurrency transaction by swapping a victim’s wallet address with the wallet address owned by TAs. When a user tries to make a payment from their cryptocurrency account, it redirects the transaction to TAs account instead of their original recipient. Clipper malware performs this swap by monitoring the clipboard of the victim’s system, where copied data is stored. Whenever the user copies data, the clipper verifies if the clipboard data contains any cryptocurrency wallet addresses. If found, the malware replaces it with the TAs wallet address, resulting in the victim’s financial loss.

Laplas is new clipper malware that generates a wallet address similar to the victim’s wallet address. The victim will not notice the difference in the address, which significantly increases the chances of successful clipper activity.

and the target cryptos are:



And what makes it dangerous is that this clipboard malware has the capability to use a prefix or postfix, so it's really hard for us if we are not going to double or triple check the address that we are going to send our cryptos to.

https://blog.cyble.com/2022/11/02/new-laplas-clipper-distributed-by-smokeloader/

Lucius
Legendary
Activity: 3234
Merit: 5637
November 09, 2022, 11:29:45 AM
 #2

So that is the first red flag, if you see emails coming from unknown sources, delete it immediately.

I think that it is more effective if such an e-mail is reported as spam, which will help possible future potential victims to have such an e-mail redirected to their spam folder, where it will be automatically deleted after some time. Deletion alone achieves nothing except freeing up storage space in case it is limited to a very small amount of data that can be stored on e-mail.



Quote
Laplas is new clipper malware that generates a wallet address similar to the victim’s wallet address. The victim will not notice the difference in the address, which significantly increases the chances of successful clipper activity.

This is nothing new, because even before such programs had the function of generating a coin address as similar as possible to deceive those who check only the beginning or end of the address. I always check the coin address using the hardware wallet, and for each larger amount I do it several times before I click on the final send button.

Taskford
Hero Member
Activity: 2534
Merit: 786
November 09, 2022, 12:17:26 PM
 #3

Quote
Laplas is new clipper malware that generates a wallet address similar to the victim’s wallet address. The victim will not notice the difference in the address, which significantly increases the chances of successful clipper activity.

This is nothing new, because even before such programs had the function of generating a coin address as similar as possible to deceive those who check only the beginning or end of the address. I always check the coin address using the hardware wallet, and for each larger amount I do it several times before I click on the final send button.

Many incidents have happened already about it, and most probably many are aware of this type of malware, so we really need to check, if not once, twice or even thrice, the wallet address we use before making the transaction, to avoid any loss by such horrific creation by rascals.

We need to be vigilant all the time and always check the installed software so that we will not possibly get the bad ones which can cause harm to us.

DdmrDdmr
Legendary
Activity: 2310
Merit: 10758
November 09, 2022, 03:05:30 PM
 #4

I read about it a few days ago, and commented on it on my local board. In a fashion similar to other types of malware, Laplas Clipper can also be hired by other thugs to use it, paying a certain fee for the time they plan on using it.

As suggested, the concept of "new" here doesn’t apply to the malware type itself. I figure it’s more in line with expressing the fact that it’s a new kid on the block (as in "another one"), albeit not unique.

The article depicts that the similar type of address is generated by the malware through a call to a server (GetAddress()), though it does not depict just how close the address can get to be. The software description on figure 3 indicates that the user can choose to match the prefix or postfix of the original address, yet it does not indicate how many characters it can match.

Figure 9 provides an example where the first four characters of the address are matched (not that difficult, since it was a bc1 type address), as well as the last three. Aside from that, nothing looks remotely similar, so it doesn’t seem better than other instances we might have read about.

As marketing tends to do, this case might oversell expectations to the potential customer of the malware software: "It will generate a similar address and the person will not notice the difference!" (they state on figure 3). Obviously another danger lurking around though.
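
Added example, not part of the thread or the Cyble article: a check that compares the intended address with the pasted one in full, next to the "first and last few characters" habit discussed above. The two addresses are constructed placeholders shaped like the figure 9 case (first four and last three characters equal); all function names are assumptions.

```python
"""Full-address comparison vs. the "first and last few characters" habit.

Added example. The two addresses are constructed placeholders (not real,
not checksum-valid): first four and last three characters are equal,
everything in between differs.
"""

INTENDED = "bc1qw4examplevictim0000000000000000n7k"   # constructed
PASTED = "bc1qz9constructedswap1111111111111111n7k"   # constructed


def shared_prefix_len(a: str, b: str) -> int:
    """Number of leading characters that a and b have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def edge_check(a: str, b: str, head: int = 4, tail: int = 3) -> bool:
    """The weak habit: compare only the first `head` and last `tail` chars."""
    return a[:head] == b[:head] and a[-tail:] == b[-tail:]


def compare(intended: str, pasted: str) -> dict:
    """Compare every character and report how much of each edge matched."""
    a, b = intended.strip(), pasted.strip()
    if a == b:
        return {"match": True, "prefix": len(a), "suffix": len(a), "first_diff": None}
    prefix = shared_prefix_len(a, b)
    suffix = shared_prefix_len(a[::-1], b[::-1])
    return {"match": False, "prefix": prefix, "suffix": suffix, "first_diff": prefix}


def grouped(addr: str, size: int = 4) -> str:
    """Split an address into small groups for character-by-character reading."""
    return " ".join(addr[i:i + size] for i in range(0, len(addr), size))


if __name__ == "__main__":
    print("edge check passes:", edge_check(INTENDED, PASTED))
    print("full comparison:  ", compare(INTENDED, PASTED))
    print(grouped(INTENDED))
    print(grouped(PASTED))
```

The edge check accepts the swapped address while the full comparison rejects it at index 4, which is why the address should be read in full (for example in groups of four against a hardware wallet screen) before sending.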
dkbit98
Legendary
Activity: 2226
Merit: 7130
November 09, 2022, 04:24:09 PM
 #5

There is a new clipboard malware dubbed LAPLAS and it targets cryptocurrency users.
This malware is again using wiNd0ws operating system and software like Word that works on the same system, so a simple solution would be to switch to Linux or Mac OS.
Linux is open source and most malware would not work in a system like this, there would be less or no spying, and there would be no need for using any antiviruses.
All Bitcoin wallets would work just fine on Linux so I highly recommend trying something like Debian, Fedora or openSUSE.

lovesmayfamilis
Legendary
Activity: 2086
Merit: 4290
November 10, 2022, 08:11:12 AM
 #6

The originality of this clipper is really amazing. Users need to be very careful, as the wallet address that Laplas creates is very similar to the address of the victim himself. Therefore, it is not enough to check the first and last few characters of your wallet address, as there is a danger of similarity. I have read that it is possible that the hackers pre-generated several hundred addresses so that the clipper can best mask the wallet input.
And again, of course, because this "gift" works on Windows systems, I wholeheartedly support the call of those who advise stopping trusting this leaky system and switching to Linux systems.

SFR10
Legendary
Activity: 2996
Merit: 3421
November 12, 2022, 05:33:16 PM
 #7

And what makes it dangerous is that this clipboard malware has the capability to use a prefix or postfix, so
It reminds me of the "EthClipper" malware from last year and for some reason, it doesn't seem to have any kind of support for Taproot [Bech32m] addresses [Figure 12].

We need to be vigilant all the time and always check the installed software so that we will not possibly get the bad ones which can cause harm to us.
It's best to check for such things "prior to" downloading/installing them!

Saisher
Full Member
Activity: 2296
Merit: 175
November 14, 2022, 02:57:22 PM
 #8

The originality of this clipper is really amazing. Users need to be very careful, as the wallet address that Laplas creates is very similar to the address of the victim himself. Therefore, it is not enough to check the first and last few characters of your wallet address, as there is a danger of similarity. I have read that it is possible that the hackers pre-generated several hundred addresses so that the clipper can best mask the wallet input.
And again, of course, because this "gift" works on Windows systems, I wholeheartedly support the call of those who advise stopping trusting this leaky system and switching to Linux systems.

These hackers are getting better. We always check the first and last letter because it's the easiest way to check if you have this kind of malware, but now that there's a similarity in our address, many will fall for this if they have this malware. There are many ways to lose in cryptocurrency: you lose on trading, you lose on holding, you lose on storing in an exchange like what happened with FTX, but the worst one is losing your coin to this malware.

PX-Z
Hero Member
Activity: 1442
Merit: 842
November 14, 2022, 10:48:51 PM
 #9

Basic email security to avoid malware and other malicious things should be following this.

If you see emails coming from unknown sources, delete it immediately.

Fortunately, with the use of Gmail, most emails that are suspicious are moved to the spam folder and sometimes they automatically delete it then tell you what email it is in a notification.

Regarding the malware, I wonder if it's both Windows and Android phones, same with iOS. Because most smartphone OS are invulnerable to such malware. But regardless, it should be taken seriously, whatever device OS anyone is using.

kamvreto
Legendary
Activity: 1960
Merit: 1157
November 15, 2022, 10:54:00 PM
Merited by vapourminer (2)
 #10


Fortunately, with the use of Gmail, most emails that are suspicious are moved to the spam folder and sometimes they automatically delete it then tell you what email it is in a notification.
Most of it will go straight to the spam folder, but there are several foreign emails that appear offering scam investments and giving bitcoin prizes which actually lead to phishing sites. This requires manual action to move it to the spam folder and delete or block the email sending the spam.

Regarding the malware, I wonder if it's both Windows and Android phones, same with iOS. Because most smartphone OS are invulnerable to such malware. But regardless, it should be taken seriously, whatever device OS anyone is using.

Windows, Android and iOS are not immune, all have weaknesses, and scammers who make malware have also targeted what devices they want to attack. Usually, Windows users often become victims of some malware that will attack the system as described by the OP, namely Laplas malware, new clipboard malware, and some malware that can infect files so they can be locked. Therefore, to avoid and prevent malware or viruses from infecting you, use an antivirus as initial protection so you don't get infected.