OP 8 hours ago
#1
 
Prosto Clipper is a type of malicious cryptocurrency clipper malware designed to hijack clipboard data and replace wallet addresses during transactions. First detected in underground cybercrime forums, the 2024 variant has evolved with enhanced evasion techniques, making it a significant threat to traders, investors, and everyday users. Unlike traditional stealers, Prosto Clipper operates silently, monitoring clipboard activity and altering copied crypto addresses to redirect funds to attackers’ wallets.
 
Detailed Features of Prosto Clipper (Version)

Prosto Clipper employs advanced techniques to remain undetected while maximizing theft efficiency. Below are its key features:
1. Clipboard Hijacking & Crypto Address Swapping
  • Real-Time Monitoring: Scans clipboard for cryptocurrency wallet addresses (Bitcoin, Ethereum, Monero, etc.).
  • Dynamic Replacement: Swaps legitimate wallet addresses with attacker-controlled ones.
  • Smart Filtering: Ignores non-crypto text to avoid raising suspicion.
2. Evasion & Anti-Detection Mechanisms
  • Process Hollowing: Injects malicious code into legitimate processes (e.g., explorer.exe) to bypass AV scans.
  • Code Obfuscation: Uses polymorphic encryption to evade signature-based detection.
  • Delayed Execution: Waits for a stable internet connection before activating to avoid sandbox analysis.
3. Persistence & Stealth
  • Registry Modifications: Creates auto-run entries to survive system reboots.
  • Task Scheduler Abuse: Sets up scheduled tasks for periodic execution.
  • Rootkit Capabilities: Hides malicious processes from Task Manager (in advanced variants).
4. Command & Control (C2) Communication
  • Encrypted C2 Servers: Uses HTTPS or Telegram bots for remote control.
  • Dynamic Wallet Updates: Attackers can change destination addresses on the fly.
  • Victim Profiling: Logs system info (OS, IP, installed apps) for targeted attacks.
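
A defender-side check for the address swapping listed under feature 1, as an added example that is not part of the original post: it scans a time-ordered clipboard-change log and flags an address-shaped value that is replaced by a different address of the same coin within a short window. The event format, the 2-second window, the shape-only regexes and the sample addresses are assumptions constructed for this example.

```python
import re

# Shape-only patterns, no checksum validation (assumption of this example).
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"^(bc1[ac-hj-np-z02-9]{11,71}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "ethereum": re.compile(r"^0x[a-fA-F0-9]{40}$"),
    "monero": re.compile(r"^[48][0-9AB][1-9A-HJ-NP-Za-km-z]{93}$"),
}
SWAP_WINDOW_SECONDS = 2.0  # assumed threshold: faster than a person re-copies

def classify(text):
    """Return the coin name if text is shaped like a wallet address, else None."""
    value = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return coin
    return None

def find_swaps(events, window=SWAP_WINDOW_SECONDS):
    """events: time-ordered list of (timestamp_seconds, clipboard_text)."""
    findings = []
    previous = None  # (timestamp, coin, value) of the last address-shaped entry
    for ts, text in events:
        coin = classify(text)
        if coin is None:
            previous = None  # ordinary text in between means a fresh copy follows
            continue
        value = text.strip()
        if (previous and previous[1] == coin and previous[2] != value
                and ts - previous[0] <= window):
            findings.append({"coin": coin, "original": previous[2],
                             "replacement": value,
                             "delay": round(ts - previous[0], 3)})
        previous = (ts, coin, value)
    return findings

# Constructed sample data: placeholder addresses, not real wallets.
ADDR_A = "0x" + "a" * 40
ADDR_B = "0x" + "b" * 40
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, ADDR_A), (10.3, ADDR_B),   # replaced 0.3 s after the copy: flagged
    (60.0, "hello"),
    (70.0, ADDR_A), (95.0, ADDR_B),   # 25 s apart: plausibly a second manual copy
]

if __name__ == "__main__":
    for finding in find_swaps(SAMPLE_EVENTS):
        print(finding)
```

The same comparison applies at paste time: check the full pasted destination against the value that was originally copied before a transaction is confirmed.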