Qulab Clipper

Qulab Clipper Description

The Qulab Clipper is a Trojan used to collect information from its victims. It monitors the infected computer's clipboard, waiting for the victim to copy a digital currency wallet address or other information associated with digital currency transactions. The Qulab Clipper then replaces this information, as well as collecting it and other data. The Qulab Clipper is also capable of gathering private data from the victim's computer. It resembles previous threats that used similar tactics, but has various other features that make it a more advanced version of the same kind of threat. The Qulab Clipper was developed by Russian programmers and is currently being distributed on hacking forums.

The Qulab Clipper Collects Data and Uses Your PC's Power

The Qulab Clipper is distributed together with dedicated Command and Control servers, and it communicates using the Telegram IM client to transfer commands. The Qulab Clipper also transmits the data it gathers to its controllers via email. The Qulab Clipper can carry out its attack in a variety of ways, does not require administrator privileges, and can remain active on the infected computer through a Windows scheduled task. It has no dependencies, can work right away, and does not take up much memory. The purpose of the Qulab Clipper is to collect information and trick victims into transferring digital currency to the criminals.

What Types of Data Can the Qulab Clipper Collect?

The Qulab Clipper is operated through a control panel that gives the criminals access to the following data, as well as various other types of information:

  • The Qulab Clipper can be used to collect Web browser passwords from commonly used Web browsers.
  • The Qulab Clipper can be used to collect saved credit card information from Web browsers.
  • The Qulab Clipper can monitor autocomplete settings on commonly used Web browsers to help collect login information and other information.
  • The Qulab Clipper can monitor digital currency wallets and offline digital currency wallets.
  • The Qulab Clipper can observe which users log into the computer and their settings.
  • The Qulab Clipper can take a screenshot of the victim's desktop and keep text notes based on the victim's activity.
  • The Qulab Clipper can monitor session files and configuration files for Steam, allowing it to collect information associated with this platform.
  • The Qulab Clipper can monitor Web browser cookies and browsing history.
  • The Qulab Clipper is capable of looking through the Telegram messenger sessions, which may include cookies and authentication tokens.
  • The Qulab Clipper can be used to collect information associated with Discord, Filezilla, Exodus, and other commonly used software that may give criminals access to valuable information.

Apart from the above, the Qulab Clipper is also capable of substituting the following parameters whenever they appear on the clipboard of the victim's computer:

QIWI, Yandex Money, WMR, WMU, WME, WMZ, WMX, Bitcoin, Bitcoin Cash, Bitcoin Gold, Ethereum, Dash, Litecoin, ZCash, Monero, Bytecoin, Doge, Electroneum, Neo, Cardano, Lisk, Stratis, Waves, Qtum, VIA, Graft, Ripple and Steam Trade Link.

This allows the Qulab Clipper to intercept potentially valuable digital currency transactions.
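The clipboard substitution described above leaves a recognizable trace: an address on the clipboard is replaced, almost immediately, by a different address of the same currency. The following detection heuristic is an added example, not code from the Qulab Clipper or from any security product; the simplified address patterns (only two of the listed currencies, no checksum validation), the 2-second window and the sample clipboard history are assumptions constructed for illustration.

```python
import re

# Simplified address shapes for two currencies from the list above
# (assumption: shape matching only, no checksum validation).
PATTERNS = {
    "bitcoin": re.compile(
        r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify(text):
    """Return the currency whose address shape `text` matches, or None."""
    value = text.strip()
    for name, pattern in PATTERNS.items():
        if pattern.match(value):
            return name
    return None


def find_swaps(events, window=2.0):
    """Flag clipboard changes where an address is replaced by a different
    address of the same currency within `window` seconds.

    `events` is a time-ordered list of (timestamp_seconds, clipboard_text).
    """
    alerts = []
    for (t0, before), (t1, after) in zip(events, events[1:]):
        kind = classify(before)
        if kind is None or kind != classify(after):
            continue  # not address-to-address within one currency
        if before.strip() != after.strip() and (t1 - t0) <= window:
            alerts.append({"time": t1, "currency": kind,
                           "copied": before.strip(),
                           "replaced_with": after.strip()})
    return alerts


# Constructed clipboard history; the addresses are placeholders, not real wallets.
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, "1" + "A" * 33),    # user copies a Bitcoin-shaped address
    (10.3, "1" + "B" * 33),    # replaced 0.3 s later: flagged
    (60.0, "0x" + "ab" * 20),  # user copies an Ethereum-shaped address
    (95.0, "0x" + "cd" * 20),  # a different one 35 s later: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

A human rarely copies two different addresses of the same currency within a fraction of a second, which is why the time window separates substitution from normal use.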

Why the Criminals Purchase the Qulab Clipper

Criminals can purchase the Qulab Clipper for approximately 20€ in digital currency, and the people operating the Qulab Clipper even provide technical support. Threats that carry out attacks like the Qulab Clipper's are not rare, and computer users involved in digital currency mining and trading are vulnerable to malware schemes, especially since the nature of these digital currencies makes them attractive targets for con artists and malware developers. For this reason, computer users are advised to take steps to ensure that their computers are always fully protected with a reliable, fully up-to-date security program.