Bitcoin Clipper malware made in Python.

Related tags

Cryptographypython-malware-analysisbitcoin-clipperpython-malwarebtc-clipper
Overview

BTC-Clipper | PROOF OF CONCEPT

THIS TOOL SHOULD ONLY BE USED FOR EDUCATIONAL PURPOSES ONLY

About

a BTC Clipper or a "Bitcoin Clipper" is a type of malware designed to target cryptocurrency transactions.

It operates by replacing the recipient cryptocurrency wallet addresses with ones owned by the cyber criminals. This tool demonstrates how certain cyber criminals redirect cryptocurrency transactions by replacing clipboard data. When users copy the addresses of cryptowallets that they wish to use to transfer bitcoin to, the copied information is stealthily replaced by the attacker's.

When the clipboard data is pasted, the addresses belong to the criminals' cryptocurrency wallets instead of being the cryptocurrency wallet for the intended recipient.

This is a project created to make it easier for malware analysts or ordinary users to understand how Bitcoin clippers work and can be used for analysis, research, reverse engineering, or review.

Please be sure to know what you're doing (such as knowing how to remove it) because when the .py file is run because it does modify some stuff in your system such as your Startup registry.

Demonstration

gif video (1)

Features

  • AUTO STARTUP (PATH FOR .py + REGISTRY ENTRY)
  • SELF DESTRUCT
  • REPLICATE AND HIDE
  • No external Python modules required
  • Add self destruct message

How to use

  • Change BTC_ADDRESS to wallet address.
  • Change self destruct message
  • Run -> python btcClip.py

How it works

When the .py file is run it automatically self destructs and replicates itself to the user's %APPDATA% folder (C:\Users\username\AppData\Roaming).

  • Replicated the .py file

Picture 1

It then adds itself to the user's Startup registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) so that it can run again when the PC is turned on.

  • In the startup registry

Picture 2

How to delete

  • Navigate to C:\Users\user\AppData\Roaming or you can type %appdata% on the top of the folder.

Picture 3

  • then delete btcClip.py

  • To delete from the registry, open up the Registry Editor for Windows and navigate to > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run

  • Then right click it and delete

Owner
Nightfall
16 | Python
Nightfall
GitHub Repository
Repository detailing Choice Coin's Creation and Documentation

Choice Coin V1 This Repository provides code and documentation detailing Choice Coin V1, a utility token built on the Algorand Blockchain. Choice Coin

Choice Coin 245 Dec 29, 2022
E2EE disabling plugin for Synapse

E2EE disabling plugin for Synapse This Pluggable Module disables end-to-end encryption in a self-hosted Synapse servers. It works by stripping out req

Konstantin Sharlaimov 9 Nov 30, 2022
This program generate hashes from random salts

Hash Generator This program generate hashes from random salts. How to install Install this program using python 3 and pip: pip install . In the future

Diesan Romero 2 Aug 20, 2022
This python module can analyse cryptocurrency news for any number of coins given and return a sentiment. Can be easily integrated with a Trading bot to keep an eye on the news.

Python script that analyses news headline or body sentiment and returns the overall media sentiment of any given coin. It can take multiple coins an

185 Dec 22, 2022
Bitcoin & Lightning Container Manager for facilitating development tools

Torch-cli Bitcoin & Lightning Container Manager for facilitating development too

Gray Finance 3 Aug 22, 2022
JS Deobfuscation is a Python script that deobfuscates JS code and it's time saver for you

JS Deobfuscation is a Python script that deobfuscate JS code and it's time saver for you. Although it may not work with high degrees of obfuscation, it's a pretty nice tool to help you even if it's j

Quatrecentquatre 3 May 01, 2022
offline half-random brute force script for Ethereum private keys

eth200swinger offline half-random brute force script for Ethereum private keys, goes from the beginning to end of range and vice versa, saves any foun

2 Oct 06, 2022
Recover bitcon brainwallet

Bitcoin brainwallet recovery tool If you like it give it a star Programmed in Python | PySimpleGUI How it works From seed phrase create bitcoin privat

Adrijan 20 Dec 15, 2022
PyBeacon is a collection of scripts for dealing with Cobalt Strike's encrypted traffic.

PyBeacon is a collection of scripts for dealing with Cobalt Strike's encrypted traffic. It can encrypt/decrypt beacon metadata, as well as pa

NCC Group Plc 162 Dec 21, 2022
keyring MITkeyring (🥉27 · ⭐ 630) - Store and access your passwords safely. MIT

The Python keyring library provides an easy way to access the system keyring service from python. It can be used in any application that needs safe pa

Jason R. Coombs 948 Dec 18, 2022
Crypto Portfolio Clustering with and without optimization techniques (elbow method, PCA).

Crypto Portfolio Clustering Crypto Portfolio Clustering with and without optimization techniques (elbow method, PCA). Analysis This is an anlysis of c

David L 0 Feb 18, 2022
BlockVis - Create beautiful visualizations of Bitcoin Blockheaders

BlockVis Create beautiful visualizations of Bitcoin Blockheaders How to run To r

Egge 2 Jan 05, 2022
Looks for Bitcoin Wallets starting 1 compresses and Uncompressesed, segwit address and MultiSig starting 3.

Looks for Bitcoin Wallets starting 1 compresses and Uncompressesed, segwit address and MultiSig starting 3. Pick your starting and stop numbers to start looking. Need a database of addresses to check

10 Dec 22, 2022
I coded the sha256 algorithm into python without using any modules.

sha256.py I coded the sha256 algorithm in python without using any modules. The purpose of the code was to better understand the algorithm and learn h

4 Dec 12, 2022
Implementation of Smart Batch Auction for NFT launches on Tezos.

NFT Smart Batch Auction Smart Batch Auctions are an improvement over the traditional first come first serve (FCFS) NFT drops. FCFS design has been in

Anshu Jalan 5 May 06, 2022
A little side-project API for me to learn about Blockchain and Tokens

BlockChain API I built this little side project to learn more about Blockchain and Tokens. It might be maintained and implemented to other projects bu

Loïk Mallat 1 Nov 16, 2021
Encrypt your code without a worry. Stark utilizes the base64, hashlib and Crypto lib to encrypt your code which cannot be decrypted with any online tools.

Stark Encrypt your code without a worry. Stark utilizes the base64, hashlib and Crypto lib to encrypt your code which cannot be decrypted with any onl

cliphd 3 Sep 10, 2021
BOT para o BombCrypto para infinitas contas em simultâneo!!!

BOT - MultiContas para BombCrypto - v 0.4.0 Funções extras: Envios de notificações via Telegram: Aviso de Inicialização do Bot Aviso de Conclusão de M

Rai Zancanaro 19 Dec 20, 2022
Get the length of the Instagram encrypted password

instagram-weak-encryption Get the length of the Instagram encrypted password Introduction Instagram and Facebook encrypt the password submitted at log

Giuseppe Criscione 19 Dec 09, 2022
BETCOIN BET is a digital currency system created with python

BETCOIN BET is a digital currency created with python and flask with features of a centralized bank, wallet system, and open transaction history of al

Ujjwal Kumar 3 Nov 16, 2021