ProstoClipper

ProstoClipper is a threat that appears to be the product of conmen who originate from Russia. ProstoClipper is somewhat similar to another threat called ProstoStealer, which also is the product of Russian-speaking cybercriminals. Both threats are being advertised on underground hacking forums since they are what is referred to as malware-as-a-commodity. This means that any conmen who wish to use the ProstoClipper or the ProstoStealer can purchase them. There are different payment plans offering a different variety of features. However, the creators of the ProstoClipper malware do not sell the source code of the threat. Due to this, it is not likely that any other cyber crooks, apart from the threat’s authors, will be able to modify the functionality of the ProstoClipper malware

The ProstoClipper threat goes after users who are dealing with cryptocurrencies. The ProstoClipper malware is not a very complex threat, and it is only 50KB in size. The only purpose of this threat is to monitor and modify the information saved on the user’s clipboard. This may not seem a lot, but it is more than enough to cause significant monetary loss. When the ProstoClipper malware detects that the user has copied the address of a cryptocurrency wallet, it will replace the string of characters with the wallet address of its operators. This way, if the user tries to make a cryptocurrency payment and they are not paying close attention to the wallet address they fill in, the attackers will receive their money, instead of the intended recipient. This is a rather simple trick that many cybercriminals are utilizing.

Malware-as-a-commodity threats are very threatening as anyone can buy and use them, which means that there can be countless different infection vectors used by the cyber crooks utilizing the threats.