ProstoClipper

ProstoClipper is a threatening application that has a name very similar to ProstoStealer, but these two threats are not identical. Both of them appear to be the product of Russian-speaking malware developers, and they are being advertised on hacking forums actively – other hackers can purchase the right to use ProstoClipper by choosing one of the payment plans that the original author offers. Commodity malware like ProstoClipper is considered to be a major threat to users worldwide, because the product might be used by different groups of cybercriminals, and they may rely on entirely different strategies to reach their victims. Furthermore, some commodity malware may even be reworked by adding advanced features – thankfully, ProstoClipper's author does not offer to sell the source code, so it is unlikely that any of the customers will be able to modify this malware's functionality.

The ProstoClipper malware is designed to target cryptocurrency users exclusively. It serves a very basic but important purpose – it checks the Windows clipboard for the presence of cryptocurrency wallet addresses regularly, and then replaces the wallet address with one provided by the attacker. This simple trick has become one of the most popular ways to hijack cryptocurrency transactions – many users do not bother to double-check the contents of the text they are copying and pasting, so they might not notice that the pasted address is different than the one they copied.

Threats like ProstoClipper are hard to spot and remove manually incredibly due to their limited footprint and size – for example, this malware is just 50KB in size. If you are performing cryptocurrency transactions regularly, then we advise you to protect your system from ProstoClipper and similar malware by using an up-to-date anti-malware application.