Bitcoin Clipper malware made in Python.

Last update: Dec 30, 2022

Overview

BTC-Clipper | PROOF OF CONCEPT

THIS TOOL SHOULD ONLY BE USED FOR EDUCATIONAL PURPOSES ONLY

About

a BTC Clipper or a "Bitcoin Clipper" is a type of malware designed to target cryptocurrency transactions.

It operates by replacing the recipient cryptocurrency wallet addresses with ones owned by the cyber criminals. This tool demonstrates how certain cyber criminals redirect cryptocurrency transactions by replacing clipboard data. When users copy the addresses of cryptowallets that they wish to use to transfer bitcoin to, the copied information is stealthily replaced by the attacker's.

When the clipboard data is pasted, the addresses belong to the criminals' cryptocurrency wallets instead of being the cryptocurrency wallet for the intended recipient.

This is a project created to make it easier for malware analysts or ordinary users to understand how Bitcoin clippers work and can be used for analysis, research, reverse engineering, or review.

Please be sure to know what you're doing (such as knowing how to remove it) because when the .py file is run because it does modify some stuff in your system such as your Startup registry.

Demonstration

Features

AUTO STARTUP (PATH FOR .py + REGISTRY ENTRY)
SELF DESTRUCT
REPLICATE AND HIDE
No external Python modules required
Add self destruct message

How to use

Change BTC_ADDRESS to wallet address.
Change self destruct message
Run -> python btcClip.py

How it works

When the .py file is run it automatically self destructs and replicates itself to the user's %APPDATA% folder (C:\Users\username\AppData\Roaming).

Replicated the .py file

It then adds itself to the user's Startup registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) so that it can run again when the PC is turned on.

In the startup registry

How to delete

Navigate to C:\Users\user\AppData\Roaming or you can type %appdata% on the top of the folder.

then delete btcClip.py
To delete from the registry, open up the Registry Editor for Windows and navigate to > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run
Then right click it and delete

Bitcoin Clipper malware made in Python.

Related tags

Overview

BTC-Clipper | PROOF OF CONCEPT

THIS TOOL SHOULD ONLY BE USED FOR EDUCATIONAL PURPOSES ONLY

About

Demonstration

Features

How to use

How it works

How to delete

Owner

Nightfall

Scrambler - Useful File/Directory Encryption Program

Privfiles - Encrypted file storage using Fernet with zero Javascript

This is a fully functioning Binance trading bot that takes into account the news sentiment for the top 100 crypto feeds.

This is a webpage that contains login and signup page by which the password is stored using elliptic curve cryptography

CertPy is a high level toolkit for generating x509 (e.g. SSL/TLS/HTTPS) certificates in Python.

Discord webhooks for alerting crypto currency price changes & historical data.

An Etebase (EteSync 2.0) server so you can run your own.

Privfiles - Encrypted file storage using Fernet with zero Javascript

A simple program written in python to convert: USD, EUR & BTC to BRL

A Python module to encrypt and decrypt data with AES-128 CFB mode.

O BiscoitoDaSorte foi criado com o objetivo de estudar desenvolvimento de bots para Discord.

Calculate your taxes from cryptocurrency gains

A python implementation of our standard object-oriented encryption package, shipped with most apps.

Powerful Tool to encrypt and decrypt files using AES.

Active github repos of all cryptocurrencies

Encrypt your code without a worry. Stark utilizes the base64, hashlib and Crypto lib to encrypt your code which cannot be decrypted with any online tools.

A bot that escrows crypto transactions on Reddit

Encrypt Your Script Python

SHIBgreen is a cryptocurrency forked from Chia and uses the Proof of Space and Time consensus algorithm

dashboard to track crypto prices and change via the coinmarketcap APIs