Bitcoin Clipper malware made in Python.

Last update: Dec 30, 2022

Overview

BTC-Clipper | PROOF OF CONCEPT

THIS TOOL SHOULD ONLY BE USED FOR EDUCATIONAL PURPOSES ONLY

About

a BTC Clipper or a "Bitcoin Clipper" is a type of malware designed to target cryptocurrency transactions.

It operates by replacing the recipient cryptocurrency wallet addresses with ones owned by the cyber criminals. This tool demonstrates how certain cyber criminals redirect cryptocurrency transactions by replacing clipboard data. When users copy the addresses of cryptowallets that they wish to use to transfer bitcoin to, the copied information is stealthily replaced by the attacker's.

When the clipboard data is pasted, the addresses belong to the criminals' cryptocurrency wallets instead of being the cryptocurrency wallet for the intended recipient.

This is a project created to make it easier for malware analysts or ordinary users to understand how Bitcoin clippers work and can be used for analysis, research, reverse engineering, or review.

Please be sure to know what you're doing (such as knowing how to remove it) because when the .py file is run because it does modify some stuff in your system such as your Startup registry.

Demonstration

Features

AUTO STARTUP (PATH FOR .py + REGISTRY ENTRY)
SELF DESTRUCT
REPLICATE AND HIDE
No external Python modules required
Add self destruct message

How to use

Change BTC_ADDRESS to wallet address.
Change self destruct message
Run -> python btcClip.py

How it works

When the .py file is run it automatically self destructs and replicates itself to the user's %APPDATA% folder (C:\Users\username\AppData\Roaming).

Replicated the .py file

It then adds itself to the user's Startup registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) so that it can run again when the PC is turned on.

In the startup registry

How to delete

Navigate to C:\Users\user\AppData\Roaming or you can type %appdata% on the top of the folder.

then delete btcClip.py
To delete from the registry, open up the Registry Editor for Windows and navigate to > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run
Then right click it and delete

Bitcoin Clipper malware made in Python.

Related tags

Overview

BTC-Clipper | PROOF OF CONCEPT

THIS TOOL SHOULD ONLY BE USED FOR EDUCATIONAL PURPOSES ONLY

About

Demonstration

Features

How to use

How it works

How to delete

Owner

Nightfall

Image Encryption/Decryption based on Rubik Cube 's principle and AES

Random Pasword Generator Sezar Crypto

Privfiles - Encrypted file storage using Fernet with zero Javascript

Solutions to all 6 programming assignments in Dan Boneh's course Cryptography I, in statically typed Python.

💰 An Alfred Workflow that provides current price of cryptocurrency

PytoPrice is an automation program to fetch the latest price of a cryptocurrency of your choice at a user-customizable update interval.

ETHGreen blockchain is a fork from STAI and Chia blockchain including features implemented by Covid blockchain.

📊Python implementation of the Colin Talks Crypto Bitcoin Bull Run Index (CBBI).

Tutela: an Ethereum and Tornado Cash Anonymity Tool

This is a webpage that contains login and signup page by which the password is stored using elliptic curve cryptography

SysWhispers integrated shellcode loader w/ ETW patching & anti-sandboxing

Python wrapper for the Equibles cryptos API.

Persian caesar and rot16 encryptor and decryptor

Taishang Credential With Interactive Badges

Skepticoin is a peer-to-peer digital currency that enables you to send money online

Kyrie Eleison - The best and unique way to encrypt some data or a file safely

SDU experiment of introduction to the cryptography

A python tool to track prices of various cryptocurrencies and alert

PeGuard - Windows PE crypter and packing utility

SimpleWallet - Simple wallet for Bitcoin