Bitcoin Clipper malware made in Python.

Related tags

Cryptography python-malware-analysis bitcoin-clipper python-malware btc-clipper
Overview

BTC-Clipper | PROOF OF CONCEPT

THIS TOOL SHOULD ONLY BE USED FOR EDUCATIONAL PURPOSES ONLY

About

a BTC Clipper or a "Bitcoin Clipper" is a type of malware designed to target cryptocurrency transactions.

It operates by replacing the recipient cryptocurrency wallet addresses with ones owned by the cyber criminals. This tool demonstrates how certain cyber criminals redirect cryptocurrency transactions by replacing clipboard data. When users copy the addresses of cryptowallets that they wish to use to transfer bitcoin to, the copied information is stealthily replaced by the attacker's.

When the clipboard data is pasted, the addresses belong to the criminals' cryptocurrency wallets instead of being the cryptocurrency wallet for the intended recipient.

This is a project created to make it easier for malware analysts or ordinary users to understand how Bitcoin clippers work and can be used for analysis, research, reverse engineering, or review.

Please be sure to know what you're doing (such as knowing how to remove it) because when the .py file is run because it does modify some stuff in your system such as your Startup registry.

Demonstration

gif video (1)

Features

  • AUTO STARTUP (PATH FOR .py + REGISTRY ENTRY)
  • SELF DESTRUCT
  • REPLICATE AND HIDE
  • No external Python modules required
  • Add self destruct message

How to use

  • Change BTC_ADDRESS to wallet address.
  • Change self destruct message
  • Run -> python btcClip.py

How it works

When the .py file is run it automatically self destructs and replicates itself to the user's %APPDATA% folder (C:\Users\username\AppData\Roaming).

  • Replicated the .py file

Picture 1

It then adds itself to the user's Startup registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) so that it can run again when the PC is turned on.

  • In the startup registry

Picture 2

How to delete

  • Navigate to C:\Users\user\AppData\Roaming or you can type %appdata% on the top of the folder.

Picture 3

  • then delete btcClip.py

  • To delete from the registry, open up the Registry Editor for Windows and navigate to > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run

  • Then right click it and delete

You might also like...
Generate bitcoin public and private keys and check if they match a filelist of existing addresses that have a nonzero balance

btc-heist Running Install deps, i.e., python3 -m pip install -r requirements.txt Download the CSV dump of all bitcoin addresses with a balance and cut

Denis Khoshaba 103 Dec 5, 2022
Simple bitcoin ticker for the Pimorono Inky pHAT Red.
Simple bitcoin ticker for the Pimorono Inky pHAT Red.

bitcoin-ticker Simple bitcoin ticker for the Pimorono Inky pHAT Red. Equipment Raspberry Pi Zero W v1.1 or Pi 2 model b v1.1 Pimorono Inky pHAT Red (S

null 2 Mar 15, 2022
SimpleWallet - Simple wallet for Bitcoin
SimpleWallet - Simple wallet for Bitcoin

Simple Wallet This is a basic python starter package to be used as a template fo

Mystic 1 Jan 8, 2022
BlockVis - Create beautiful visualizations of Bitcoin Blockheaders
BlockVis - Create beautiful visualizations of Bitcoin Blockheaders

BlockVis Create beautiful visualizations of Bitcoin Blockheaders How to run To r

Egge 2 Jan 5, 2022
Create and finder all address wallet bitcoin and check balance , transaction
Create and finder all address wallet bitcoin and check balance , transaction

BTCCrackWallet Create and finder all address wallet bitcoin and check balance , transaction bitcoin wallet generator generated address wallet , public

MMDRZA 11 Nov 26, 2022
Connects to an active BitCoin Peer and communicates in order to locate a specific block number (height)

BitCoin-Peer-Client Connects to an active BitCoin Peer, and locates a predetermined block number (height) by downloading block headers. Once required

Henry Song 1 Jan 16, 2022
Bitcoin & Lightning Container Manager for facilitating development tools
Bitcoin & Lightning Container Manager for facilitating development tools

Torch-cli Bitcoin & Lightning Container Manager for facilitating development too

Gray Finance 3 Aug 22, 2022
Aplicação de monitoramento de valores de criptos através da API do Mercado Bitcoin.
Aplicação de monitoramento de valores de criptos através da API do Mercado Bitcoin.

myCrypto_MercadoBitcoin Aplicação de monitoramento de valores de criptos através da API do Mercado Bitcoin. Apoie esse projeto! 💵 💵 Olá! Você pode r

Vinícius Azevedo 122 Nov 27, 2022
Zero-dependency Cryptography Python Module with a self made method
Zero-dependency Cryptography Python Module with a self made method

TesohhCrypt TesohhCrypt is a zero-dependency Cryptography Python Module, with a method that i made. (likely someone already made a similar one, but i

Simone Tesini 1 Oct 26, 2021
Comments
  • Not working

    Not working

    Hello, i tried that but its not working somehow. the issure is listed in the screenshot and another thing that would be nice to do that it run on startup and is hidden however heres the error: image

    opened by FeelsBadMan1 1
Owner
Nightfall
16 | Python
Nightfall
GitHub
bitcoin-ticker is a E-ink ticker that shows usefull information about bitcoin

bitcoin-ticker bitcoin-ticker is a E-ink ticker that shows usefull information about bitcoin. Due to the limited refresh lifetime, new information is

null 32 Nov 9, 2022
📊Python implementation of the Colin Talks Crypto Bitcoin Bull Run Index (CBBI).

Colin Talks Crypto Bitcoin Bull Run Index (CBBI) This is a Python implementation of the Colin Talks Crypto Bitcoin Bull Run Index (CBBI). It makes use

Kamil Monicz 86 Jan 2, 2023
Bit is Python's fastest Bitcoin library and was designed from the beginning to feel intuitive, be effortless to use, and have readable source code.

Bit is Python's fastest Bitcoin library and was designed from the beginning to feel intuitive, be effortless to use, and have readable source code.

Ofek Lev 1.1k Jan 2, 2023
This is a simple Bitcoin non-deterministic wallet address generator coded in Python 3.

This is a simple Bitcoin non-deterministic wallet address generator coded in Python 3. It generates a Private Key in different formats (hex, wif and compressed wif) and corresponding Public Addresses, raw, P2WPKH addresses starting with prefix 1, P2SH addresses starting with prefix 3 as part of Segwit soft fork and Bech32 addresses with prefix bc1 P2WPKH and P2WSH.

null 7 Dec 22, 2022
Bsvlib - Bitcoin SV (BSV) Python Library

bsvlib A Bitcoin SV (BSV) Python Library that is extremely simple to use but mor

Aaron 22 Dec 15, 2022
The Intelligent Bitcoin Miner, Part II

The Intelligent Bitcoin Miner, Part II At a Glance This app simulates the behavior and profitability of Bitcoin miners for The Intelligent Bitcoin Min

Karim Helmy 20 Dec 16, 2022
Accept Bitcoin donations on Twitch, and integrate them into your alerts!

The system in action Check out how seamlessly the project works! Support the project You can tip me with some sats here!

Fitti 27 Jan 8, 2023
Looks for Bitcoin Wallets starting 1 compresses and Uncompressesed, segwit address and MultiSig starting 3.

Looks for Bitcoin Wallets starting 1 compresses and Uncompressesed, segwit address and MultiSig starting 3. Pick your starting and stop numbers to start looking. Need a database of addresses to check. Made with https://pypi.org/project/PySimpleGUI/

null 10 Dec 22, 2022
Bitcoin Wallet Address Generator

Bitcoin Wallet Address Generator This is a simple Bitcoin non-deterministic wallet address generator coded in Python 3. It generates a Private Key in different formats (hex, wif and compressed wif) and corresponding Public Addresses, raw, P2WPKH addresses starting with prefix 1, P2SH addresses starting with prefix 3 as part of Segwit soft fork and Bech32 addresses with prefix bc1 P2WPKH and P2WSH.

null 11 Dec 29, 2022
Address Validator (Bitcoin & Monero)

The Bitcoin address is an identifier of 26-35 alphanumeric characters, beginning with the number 1, 3 or bc1. 0, O, I, l are removed to avoid visual a

null 0 Mar 29, 2022