
Laplas (Clipper) – Malware

June 1, 2023
Name: Laplas
Type of Malware: Clipper
Location – Country of Origin: Russia
Date of initial activity: 2022
Associated Groups: APT28 (Fancy Bear, Sofacy), APT34 (Nobelium, Cozy Bear), Lazarus Group (Hidden Cobra)
Motivation: The goal of clipper malware like Laplas is to hijack a virtual currency transaction intended for a legitimate recipient to a wallet owned by the threat actor.
Attack Vectors: Phishing emails, Malware-infected websites, Drive-by download, USB drives, P2P file sharing
Targeted System: Windows, macOS, Linux, Android, iOS

Overview

Laplas is a clipper malware that spreads via other malware. Currently, the downloader SmokeLoader is spreading Laplas via phishing emails that contain malicious documents.

Targets

  • Cryptocurrency users
  • Government and military organizations
  • Financial institutions
  • Businesses
  • Individuals

Tools/Techniques Used

This malware hijacks a cryptocurrency transaction by swapping the victim’s wallet address with a wallet address owned by the threat actors (TAs).
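
A detection-side illustration of the address swap described above, added here as an example and not taken from the original article or from any vendor tooling: it scans a timeline of clipboard snapshots and flags any wallet-shaped value that is replaced by a different value of the same shape within a short window. The address patterns are simplified, and the two-second window, function names and sample data are assumptions made for the example.

```python
import re

# Simplified address shapes (assumption: good enough for triage, not validation).
ADDRESS_PATTERNS = {
    "bitcoin_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "bitcoin_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify(text):
    """Return the address type a clipboard value looks like, or None."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return kind
    return None


def find_swaps(snapshots, max_gap_seconds=2.0):
    """Flag an address replaced by a different address of the same type.

    snapshots: list of (timestamp_seconds, clipboard_text) in time order.
    A person rarely copies two different addresses of the same currency
    within a couple of seconds; a clipper rewrites the value immediately.
    """
    alerts = []
    for (t_prev, prev), (t_cur, cur) in zip(snapshots, snapshots[1:]):
        kind_prev, kind_cur = classify(prev), classify(cur)
        if kind_prev is None or kind_prev != kind_cur:
            continue  # not an address-to-same-type-address transition
        if prev.strip() == cur.strip():
            continue  # unchanged value
        if t_cur - t_prev <= max_gap_seconds:
            alerts.append({"time": t_cur, "kind": kind_cur,
                           "copied": prev.strip(), "replaced_by": cur.strip()})
    return alerts


# Constructed sample timeline (no real wallet addresses).
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, "0x" + "a1" * 20),    # user copies a payee address
    (10.4, "0x" + "b2" * 20),    # different address appears 0.4 s later
    (60.0, "1" + "Ab3" * 10),    # different currency: not compared
    (300.0, "1" + "Cd4" * 10),   # minutes later: treated as a normal copy
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```
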

Impact / Significant Attacks

In November 2022, Laplas malware was used to steal cryptocurrency from a number of victims. The malware was delivered through phishing emails that appeared to be from a legitimate cryptocurrency exchange. When victims opened the emails, they were tricked into clicking on a malicious link that installed the malware on their computers. The malware then stole the victims’ cryptocurrency wallet addresses and passwords, which were then used to steal their cryptocurrency.

In December 2022, Laplas malware was used to attack a number of government and military organizations in the United States. The malware was delivered through spear phishing emails that targeted specific individuals at these organizations. When the victims opened the emails, they were tricked into clicking on a malicious link that installed the malware on their computers. The malware then stole the victims’ sensitive information, such as passwords, credit card numbers, and government clearances.

In January 2023, Laplas malware was used to attack a number of financial institutions in Europe. The malware was delivered through phishing emails that appeared to be from a legitimate financial institution. When victims opened the emails, they were tricked into clicking on a malicious link that installed the malware on their computers. The malware then stole the victims’ banking information, which was then used to steal their money.

Indicators of Compromise (IoCs)

Domains

Clipper[.]guru

IPs

185[.]223[.]93[.]251
188[.]34[.]207[.]137
45[.]159[.]189[.]105
79[.]137[.]199[.]252
