
Qulab Clipper

Posted: February 4, 2019

The Qulab Clipper is a spyware program that also hijacks copy-pasted cryptocurrency wallet addresses. Threat actors may use its information-collecting capabilities to gain access to passwords, credit card numbers or your Web-browsing activities, and use the wallet-hijacking feature to redirect transactions to their own accounts. Victims should disinfect their PCs and remove the Qulab Clipper with a trusted anti-malware tool before changing all passwords and re-securing their other credentials as necessary.

Russian Programs that Aren't as Innocuous as Microsoft's 'Clippy'

Clippit, or 'Clippy,' the well-known digital assistant for Microsoft Office, gave the word 'clipping' benign associations. Now, a Russian threat actor is selling a new spyware bundle that may just as easily tie the word to criminal activity. The Qulab Clipper is for sale on Russian forums on the dark Web, giving various criminals an easy way to collect both information and cryptocurrency.

The Qulab Clipper's cryptocurrency-hijacking feature is a simple replacement of copy-pasted data: it detects strings that match wallet addresses for Bitcoin, Monero, Dogecoin, etc. When the user pastes the string, the Qulab Clipper intercepts the action and swaps in another string. In theory, this text could be anything, but malware experts are confirming that the intended purpose is to let criminals redirect transactions to their own wallets.

The Qulab Clipper also has a wealth of other features that collect information, rather than Bitcoins, from infected PCs. These data-theft capabilities include:

  • The Qulab Clipper may collect Web-browsing data from Chromium-based software (such as Chrome) or Gecko-based software (such as Firefox). The targets include autocompletion fields, cookies, and any text that matches the expected formats for passwords, login names or credit card credentials.
  • The Qulab Clipper also extends its theft beyond the browser, and can target users of software such as the Steam gaming store, the Discord chat application, or the FileZilla file-sharing program, among others.
  • The Qulab Clipper also targets desktop-saved data, particularly Notepad TXT files and other documents.

Cutting the Qulab Clipper Out of Its Profits

Threat actors are already hiring the Qulab Clipper and using it in their campaigns. Malware researchers are currently investigating the infection methods in use, but have inadequate data on these attacks. Criminals could be searching for easy servers whose login combinations they can brute-force, or sending out spam e-mails with corrupted attachments, among other strategies. To protect your PC, secure your passwords, disable features that constitute security risks (ranging from Word macros to in-browser JavaScript) and avoid unsafe download sources.

As usual, the money-hijacking portion of the Qulab Clipper's payload is effectively irreversible without the help of the threat actor who collected the money in the first place. Users can, however, monitor their clipboards for any unexpected tampering: the 'hijacked' address is visibly different from the intended one. As for collected information, users should cancel all compromised credit cards and change all logins and security questions after deleting the Qulab Clipper with their choice of anti-malware software.
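
The clipboard check described above can be automated. The following is an added example, not part of the original article or any vendor's tool: it scans a series of clipboard snapshots and flags a wallet-shaped value that is replaced by a different one of the same coin within a short interval. The address patterns are simplified shape checks, and the function names, the 2-second threshold and the sample data are assumptions constructed for illustration.

```python
import re

# Simplified address shapes with no checksum validation (assumption of this example).
B58 = "[1-9A-HJ-NP-Za-km-z]"
WALLET_SHAPES = {
    "bitcoin": re.compile(rf"[13]{B58}{{25,34}}|bc1[ac-hj-np-z02-9]{{11,71}}"),
    "monero": re.compile(rf"[48][0-9AB]{B58}{{93}}"),
    "dogecoin": re.compile(rf"D[5-9A-HJ-NP-U]{B58}{{32}}"),
}

def wallet_kind(text):
    """Return the coin name if the whole string looks like a wallet address, else None."""
    candidate = text.strip()
    for kind, shape in WALLET_SHAPES.items():
        if shape.fullmatch(candidate):
            return kind
    return None

def find_swaps(snapshots, max_gap=2.0):
    """Flag a wallet-shaped clipboard value replaced by a different address
    of the same coin within max_gap seconds (heuristic threshold)."""
    alerts = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        kind = wallet_kind(before)
        same_coin = kind is not None and kind == wallet_kind(after)
        if same_coin and before.strip() != after.strip() and t1 - t0 <= max_gap:
            alerts.append((t1, kind, before.strip(), after.strip()))
    return alerts

# Constructed sample data: (seconds, clipboard text). None of these are real wallets.
PAYEE = "1Payee" + "x" * 28      # address the user copied
SWAPPED = "1Swap" + "z" * 29     # different address that appears 0.4 s later
DOGE_A = "D9" + "d" * 32
DOGE_B = "D9" + "e" * 32         # copied minutes later, so not suspicious
SNAPSHOTS = [
    (0.0, "meeting notes"),
    (10.0, PAYEE),
    (10.4, SWAPPED),
    (60.0, DOGE_A),
    (300.0, DOGE_B),
]

if __name__ == "__main__":
    for when, kind, before, after in find_swaps(SNAPSHOTS):
        print(f"[{when:.1f}s] {kind} address changed: {before[:8]}... -> {after[:8]}...")
```
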

Since the Qulab Clipper's author offers free updates to anyone hiring the spyware, more attacks may come from its campaigns than only those that malware analysts are confirming. Be proactive about the safety of your cryptocurrency and your information, or a stranger may happily take advantage of your laxity.