Bitcoin Clipper malware made in Python.

Related tags

Cryptographypython-malware-analysisbitcoin-clipperpython-malwarebtc-clipper
Overview

BTC-Clipper | PROOF OF CONCEPT

THIS TOOL SHOULD ONLY BE USED FOR EDUCATIONAL PURPOSES ONLY

About

a BTC Clipper or a "Bitcoin Clipper" is a type of malware designed to target cryptocurrency transactions.

It operates by replacing the recipient cryptocurrency wallet addresses with ones owned by the cyber criminals. This tool demonstrates how certain cyber criminals redirect cryptocurrency transactions by replacing clipboard data. When users copy the addresses of cryptowallets that they wish to use to transfer bitcoin to, the copied information is stealthily replaced by the attacker's.

When the clipboard data is pasted, the addresses belong to the criminals' cryptocurrency wallets instead of being the cryptocurrency wallet for the intended recipient.

This is a project created to make it easier for malware analysts or ordinary users to understand how Bitcoin clippers work and can be used for analysis, research, reverse engineering, or review.

Please be sure to know what you're doing (such as knowing how to remove it) because when the .py file is run because it does modify some stuff in your system such as your Startup registry.

Demonstration

gif video (1)

Features

  • AUTO STARTUP (PATH FOR .py + REGISTRY ENTRY)
  • SELF DESTRUCT
  • REPLICATE AND HIDE
  • No external Python modules required
  • Add self destruct message

How to use

  • Change BTC_ADDRESS to wallet address.
  • Change self destruct message
  • Run -> python btcClip.py

How it works

When the .py file is run it automatically self destructs and replicates itself to the user's %APPDATA% folder (C:\Users\username\AppData\Roaming).

  • Replicated the .py file

Picture 1

It then adds itself to the user's Startup registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) so that it can run again when the PC is turned on.

  • In the startup registry

Picture 2

How to delete

  • Navigate to C:\Users\user\AppData\Roaming or you can type %appdata% on the top of the folder.

Picture 3

  • then delete btcClip.py

  • To delete from the registry, open up the Registry Editor for Windows and navigate to > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run

  • Then right click it and delete

Owner
Nightfall
16 | Python
Nightfall
GitHub Repository
A Python module to encrypt and decrypt data with AES-128 CFB mode.

cryptocfb A Python module to encrypt and decrypt data with AES-128 CFB mode. This module supports 8/64/128-bit CFB mode. It can encrypt and decrypt la

Quan Lin 2 Sep 23, 2022
Gearbox-vyper-contracts - Auxillary contracts for the Gearbox Protocol written in Vyper

Gearbox Vyper Contracts Auxillary contracts for the Gearbox Protocol written in

Edward Amor 4 Jan 07, 2022
📊Python implementation of the Colin Talks Crypto Bitcoin Bull Run Index (CBBI).

Colin Talks Crypto Bitcoin Bull Run Index (CBBI) This is a Python implementation of the Colin Talks Crypto Bitcoin Bull Run Index (CBBI). It makes use

Kamil Monicz 86 Jan 02, 2023
Simple encryption/decryption utility using Pycryptodome module. Working with AES and RSA algorithms.

EncypherUtil Simple encryption/decryption utility using PyCryptodome module. Working with AES and RSA algorithms. THIS UTILITY IS NOT LICENSED AS CRYP

Egor Yakubovich 0 Jun 14, 2022
Quick and dirty script to fix MD5 hashes in poetry.lock file

fix-poetry-md5-hash Quick and dirty script to fix MD5 hashes in poetry.lock file. Usage: poetry run fix-poetry-md5-hash

2 Apr 20, 2022
Message Encrypt and decrypt software // allows you to encrypt the secrete message and decrypt Another Encryption Message. |

Message-Encrypy-Decrypt-App Message Encrypt and decrypt software // allows you to encrypt the secrete message and decrypt Another Encryption Message.

Abdulrahman-Haji 2 Dec 16, 2021
💰 An Alfred Workflow that provides current price of cryptocurrency

Coin Ticker for Alfred Workflow An Alfred Workflow that provides current price and status about cryptocurrency from cryptocompare.com. Supports Alfred

Bumsoo Kim (Ian) 14 Nov 17, 2022
The Qis|krypt⟩ is a software suite of protocols of quantum cryptography and quantum communications

The Qis|krypt⟩ is a software suite of protocols of quantum cryptography and quantum communications, as well, other protocols and algorithms, built using IBM’s open-source Software Development Kit for

Qiskrypt 14 Oct 31, 2022
This is a Sharding Simulator to study blockchain scalability

Sharding Simulator This is a Sharding Simulator to study blockchain scalability. How to run on Ubuntu First make sure you have the header file for Pyt

1 Jan 23, 2022
Audits Python environments and dependency trees for known vulnerabilities

pip-audit pip-audit is a prototype tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisor

Trail of Bits 701 Dec 28, 2022
Secure open-source password manager.

aes256_passwd_store This script securely encrypts or decrypts passwords on disk within a custom database file. It also features functionality to retri

14 Nov 15, 2022
offline half-random brute force script for Ethereum private keys

eth200swinger offline half-random brute force script for Ethereum private keys, goes from the beginning to end of range and vice versa, saves any foun

2 Oct 06, 2022
基于python的一款 加解密工具

基于python的一款 加解密工具 加密: SHA序列: sha1 , sha2 , sha224 , sha256 , sha384 , sha512 , sha512-256 , sha3-224 , sha3-256 , sha3-384 , sha3-512 MD序列: md4 , md5

3 May 05, 2022
SVSHI - Secure and Verified Smart Home Infrastructure

The SVSHI (Secure and Verified Smart Home Infrastructure) (pronounced like "sushi") project is a platform/runtime/toolchain for developing and running formally verified smart infrastructures, such as

Dependable Systems Laboratory 3 Oct 28, 2022
s-pass is a program that creates strong passwords and then encrypts the password and saves it to a file. To see the encrypted password, execute the decrypt.py file and paste the password in the txt file into the incoming question.

s-pass v1.1 s-pass is a program that creates strong passwords and then encrypts the password and saves it to a file. To see the encrypted password, ex

Alpkunt 9 Sep 09, 2022
gcrypter: an encryption algorithm based on bytes and their correspondent numbers to encode strings

gcrypter: an encryption algorithm based on bytes and their correspondent numbers to encode strings

Nuninha-GC 1 Jan 10, 2022
Encrypt decrypt files - Programmed in Python | PySimpleGUI

Crypter Programmed in Python | PySimpleGUI If you like it give it a star How it works Crypter program use Fernet for encryption. Fernet guarantees tha

Adrijan 11 Jun 18, 2022
Python Encryption Name Game

Python 3.9.7 Encryption Name Game Encrypt a name with numbers using a Caesar cipher! You can choose different numbers to encrypt your name from 1 to o

Armand Brunelle 3 Dec 24, 2021
BOT para o BombCrypto para infinitas contas em simultâneo!!!

BOT - MultiContas para BombCrypto - v 0.4.0 Funções extras: Envios de notificações via Telegram: Aviso de Inicialização do Bot Aviso de Conclusão de M

Rai Zancanaro 19 Dec 20, 2022
A simple web application with tools of cryptography, made with Flask and Cryptography.

Crypto Tools A web application made with Flask that allows the use of some cryptography tools like message digest, RSA key pair generation and a decip

Felipe Valentin 0 Jan 20, 2022