Bitcoin Clipper malware made in Python.

Related tags

Cryptographypython-malware-analysisbitcoin-clipperpython-malwarebtc-clipper
Overview

BTC-Clipper | PROOF OF CONCEPT

THIS TOOL SHOULD ONLY BE USED FOR EDUCATIONAL PURPOSES ONLY

About

a BTC Clipper or a "Bitcoin Clipper" is a type of malware designed to target cryptocurrency transactions.

It operates by replacing the recipient cryptocurrency wallet addresses with ones owned by the cyber criminals. This tool demonstrates how certain cyber criminals redirect cryptocurrency transactions by replacing clipboard data. When users copy the addresses of cryptowallets that they wish to use to transfer bitcoin to, the copied information is stealthily replaced by the attacker's.

When the clipboard data is pasted, the addresses belong to the criminals' cryptocurrency wallets instead of being the cryptocurrency wallet for the intended recipient.

This is a project created to make it easier for malware analysts or ordinary users to understand how Bitcoin clippers work and can be used for analysis, research, reverse engineering, or review.

Please be sure to know what you're doing (such as knowing how to remove it) because when the .py file is run because it does modify some stuff in your system such as your Startup registry.

Demonstration

gif video (1)

Features

  • AUTO STARTUP (PATH FOR .py + REGISTRY ENTRY)
  • SELF DESTRUCT
  • REPLICATE AND HIDE
  • No external Python modules required
  • Add self destruct message

How to use

  • Change BTC_ADDRESS to wallet address.
  • Change self destruct message
  • Run -> python btcClip.py

How it works

When the .py file is run it automatically self destructs and replicates itself to the user's %APPDATA% folder (C:\Users\username\AppData\Roaming).

  • Replicated the .py file

Picture 1

It then adds itself to the user's Startup registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) so that it can run again when the PC is turned on.

  • In the startup registry

Picture 2

How to delete

  • Navigate to C:\Users\user\AppData\Roaming or you can type %appdata% on the top of the folder.

Picture 3

  • then delete btcClip.py

  • To delete from the registry, open up the Registry Editor for Windows and navigate to > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run

  • Then right click it and delete

Owner
Nightfall
16 | Python
Nightfall
GitHub Repository
Get the length of the Instagram encrypted password

instagram-weak-encryption Get the length of the Instagram encrypted password Introduction Instagram and Facebook encrypt the password submitted at log

Giuseppe Criscione 19 Dec 09, 2022
Um sistema de Criptografia RSA feito totalmente em Python

Um sistema de Criptografia RSA feito totalmente em Python

Luis Müdder 3 Nov 23, 2021
Python wrapper for the Equibles cryptos API.

Equibles Cryptos API for Python Requirements. Python 2.7 and 3.4+ Installation & Usage pip install If the python package is hosted on Github, you can

Equibles 1 Feb 02, 2022
Python Steganography data hiding in image

Python-Steganography Python Steganography data hiding in image data encryption and decryption im here you have to import stepic module 1.open CMD 2.ty

JehanKandy 10 Jul 13, 2022
offline half-random brute force script for Ethereum private keys

eth200swinger offline half-random brute force script for Ethereum private keys, goes from the beginning to end of range and vice versa, saves any foun

2 Oct 06, 2022
Bitcoin & Lightning Container Manager for facilitating development tools

Torch-cli Bitcoin & Lightning Container Manager for facilitating development too

Gray Finance 3 Aug 22, 2022
Tools for running airdrop and token distribution campaigns on the Solana blockchain.

Overview This repository contains some of the scripts we have used for running our airdrop campaigns and other distributions. Initially, all of these

147 Nov 17, 2022
SysWhispers integrated shellcode loader w/ ETW patching & anti-sandboxing

TymSpecial Shellcode Loader Description This project was made as a way for myself to learn C++ and gain insight into how EDR products work. TymSpecial

Nick Frischkorn 145 Dec 20, 2022
Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server.

Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.

29.5k Dec 31, 2022
This project aims to assist in the search for leaked passwords while maintaining a high level of privacy using the k-anonymity method.

To achieve this, the APIs of different services are used, sending only a part of the Hash of the password we want to check, for example, the first 5 characters.

Telefónica 36 Jul 06, 2022
📊Python implementation of the Colin Talks Crypto Bitcoin Bull Run Index (CBBI).

Colin Talks Crypto Bitcoin Bull Run Index (CBBI) This is a Python implementation of the Colin Talks Crypto Bitcoin Bull Run Index (CBBI). It makes use

Kamil Monicz 86 Jan 02, 2023
wdepy: Decryption and Inspection for PGP WDE Disks

This is a small python tool to inspect and decrypt disk images encrypted with PGP Whole Disk Encryption (including the Symantec-branded versions like Symantec Drive Encryption). It takes advantage of

Brendan Dolan-Gavitt 17 Oct 07, 2022
Aza this is a text encryption software

Aza text encryptor General info Aza this is a text encryption software Help command: python aza.py --help Examples python aza.py --text "Sample text h

ToxidWorm 1 Sep 10, 2022
Get the SHA256 hash of any file with this Python Script

Hashfile-SHA256 A SHA256 hash verifying script, written in python. Report Bug Table of Contents About The Project Built With Getting Started Prerequis

Ethan Gallucci 1 Nov 01, 2021
En- and decrypting text-messages by creating a key with of the fibonacci-sequence

En- and decrypting text-messages by creating a key with of the fibonacci-sequence. This key helps to create mathematical functions, whose zeros should generates the encrypted message.

Pulsar 1 Feb 05, 2022
A Trading strategy for the Freqtrade crypto bot.

Important Thing to notice 1) Do not use this strategy on live. It is still undergoing dry-run. 2) The Hyperopt is highly optimized towards "shitcoin"

160 Dec 26, 2022
A really, really bad way to encrypt your text

deoxyencryptingnucleicacids A really, really bad way to encrypt your text. A general description of the scheme Encoding: The ascii plaintext is first

Sam Pinkerton 1 Nov 01, 2021
Mysterium the first tool which permits you to retrieve the most part of a Python code even the .py or .pyc was extracted from an executable file, even it is encrypted with every existing encryptage. Mysterium don't make any difference between encrypted and non encrypted files, it can retrieve code from Pyarmor or .pyc files.

Mysterium the first tool which permits you to retrieve the most part of a Python code even the .py or .pyc was extracted from an executable file, even it is encrypted with every existing encryptage.

Venax 116 Dec 21, 2022
Two modules that display rates of fiat currencies and cryptocurrencies

currency-rates-polybar Two modules that display rates of fiat currencies and cryptocurrencies Setup Clone the repository somewhere Move (or create sym

Peskov Sergey 2 Apr 03, 2022
Advanced Digital Envelope System Using Cryptography Techniques (Encryption & Decryption)

Advanced-Digital-Envelope-System Advanced Digital Envelope System Using Cryptography Encryption Techniques The digital envelope system is the techniqu

NelakurthiSudheer 2 Jan 03, 2022