Bitcoin Clipper malware made in Python.

Last update: Dec 30, 2022

Overview

BTC-Clipper | PROOF OF CONCEPT

THIS TOOL SHOULD ONLY BE USED FOR EDUCATIONAL PURPOSES ONLY

About

a BTC Clipper or a "Bitcoin Clipper" is a type of malware designed to target cryptocurrency transactions.

It operates by replacing the recipient cryptocurrency wallet addresses with ones owned by the cyber criminals. This tool demonstrates how certain cyber criminals redirect cryptocurrency transactions by replacing clipboard data. When users copy the addresses of cryptowallets that they wish to use to transfer bitcoin to, the copied information is stealthily replaced by the attacker's.

When the clipboard data is pasted, the addresses belong to the criminals' cryptocurrency wallets instead of being the cryptocurrency wallet for the intended recipient.

This is a project created to make it easier for malware analysts or ordinary users to understand how Bitcoin clippers work and can be used for analysis, research, reverse engineering, or review.

Please be sure to know what you're doing (such as knowing how to remove it) because when the .py file is run because it does modify some stuff in your system such as your Startup registry.

Demonstration

Features

AUTO STARTUP (PATH FOR .py + REGISTRY ENTRY)
SELF DESTRUCT
REPLICATE AND HIDE
No external Python modules required
Add self destruct message

How to use

Change BTC_ADDRESS to wallet address.
Change self destruct message
Run -> python btcClip.py

How it works

When the .py file is run it automatically self destructs and replicates itself to the user's %APPDATA% folder (C:\Users\username\AppData\Roaming).

Replicated the .py file

It then adds itself to the user's Startup registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) so that it can run again when the PC is turned on.

In the startup registry

How to delete

Navigate to C:\Users\user\AppData\Roaming or you can type %appdata% on the top of the folder.

then delete btcClip.py
To delete from the registry, open up the Registry Editor for Windows and navigate to > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run
Then right click it and delete

Bitcoin Clipper malware made in Python.

Related tags

Overview

BTC-Clipper | PROOF OF CONCEPT

THIS TOOL SHOULD ONLY BE USED FOR EDUCATIONAL PURPOSES ONLY

About

Demonstration

Features

How to use

How it works

How to delete

Owner

Nightfall

Technical_indicators_cryptos - Using technical indicators to find optimal trading strategies to deploy onto trading bot.

Python-RSA is a pure-Python RSA implementation.

Powerful Tool to encrypt and decrypt files using AES.

DCAStack: an Automated Dollar Cost Averaging Bot for Your Crypto

Generate Random ETH addresses and Private Keys and Saved to file.

Repository detailing Choice Coin's Creation and Documentation

Python Steganography data hiding in image

Privfiles - Encrypted file storage using Fernet with zero Javascript

This is a basic encryption and decryption program made in python.

seno-blockchain is just a fork of Chia, designed to be efficient, decentralized, and secure

Python FFI bindings for libsecp256k1 (maintained)

Challenge2022 - A backend of a Chia project donation platform

That Hash will name that hash type! Identify MD5, SHA256 and 300+ other hashes Comes with

A Docker image for plotting and farming the Chia™ cryptocurrency on one computer or across many.

Python app for encrypting messages with fernet cryptography.

Get the SHA256 hash of any file with this Python Script

Retrieve ECDSA signature R,S,Z values from blockchain rawtx or txid.

Message Encrypt and decrypt software // allows you to encrypt the secrete message and decrypt Another Encryption Message. |

The (Python-based) mining software required for the Game Boy mining project.

Simple python program to encrypt files with AES-256 encryption