The RAXNET Stealer is a malware threat designed to obtain and replace information saved by victims in their system's clipboard. This functionality is specifically targeted at users making cryptocurrency transactions, as the addresses of the different crypto-wallets are typically represented by lengthy strings of letters, numbers and other characters. RAXNET will monitor the clipboard and, upon detecting a suitable string, will replace it with the address of a wallet controlled by its operators. If victims do not notice that they have pasted a different address, the funds would be transmitted to the attackers and subsequent recovery would be nearly impossible.
The RAXNET Stealer is offered for sale by its developers to any interested party. The threatening tool has a free version, a Similarity Mode priced at $60, and a Builder mode available for $100. Once executed on the victims' device, the malware can impact transactions using several, different cryptocurrencies. Naturally, the consequences for the victims could be severe, causing significant monetary losses.