Hackers are Stealing Crypto Using Clipper Malware

hackers use clipper malware to steal crypto

Hackers can steal crypto payments by using a relatively new malware that replaces the receiving address between copying and pasting.


Don’t CTRL+C CTRL +V

According to a report from February of this year, a security researcher called Lukas Stefanko discovered that hackers had brought the so-called Clipper Malware to Google Play via infected cryptocurrency apps. He describes it in a blog post he named ‘First Clipper Malware discovered on Google Play,’ where he explains how the malware can steal crypto users’ coins.

The malware has a very simple and very dangerous purpose, which is to take advantage of copying and pasting public addresses of cryptocurrency wallets. When a user copies an address, the malware replaces it with an address of a hacker.

When the user uses the paste function to enter the address, it is not the same one that they had originally copied. However, this is usually not something that most people would notice, as crypto wallet addresses tend to be extremely long and random-looking.

The issue also appeared on the BitcoinTalk forum, where the user warned others about copying and pasting addresses via CTRL+C and CTRL+V commands. The user stated that checking the initial few characters is not enough to confirm that the address that was pasted is the same one that was copied. Often enough, the first several characters might be genuine, and the user might not notice that the rest are not.

Stefanko himself called the malware very dangerous, stating that,

This dangerous form of malware first made its rounds in 2017 on the Windows platform and was spotted in shady Android app stores in the summer of 2018. In February 2019, we discovered a malicious clipper on Google Play, the official Android app store.

Hackers love Crypto

As far as malware goes, this one is not particularly old. However, its capabilities make it quite dangerous, and the fact that it is found even on some prominent software hosting sites only confirms that researchers are right to be concerned.

The malware discovered on Google Play Store impersonated MetaMask, and it would try to steal users’ Ethereum coins if they were to download the app. Ethereum coins are often targeted by hackers, whether from users’ private wallets or from crypto exchanges such as Upbit.

Of course, Bitcoin is still one of the most targeted coins, if not THE most targeted crypto. Even the largest crypto exchanges, such as Binance, often fail to fend off a hacking attack, which indicates how innovative attackers have become.

How to make sure you are not infected

As for how to deal with the clipping malware, security researchers have suggested paying extra attention to the address that users enter into the payment form. All kinds of errors can occur because crypto addresses were not meant for humans to read them and remember them, which is why checking each character is extremely important.

Any difference between the address that users wish to send the crypto to and the one in the form will result in lost funds as soon as the user presses the send button. Further, some have suggested that switching to Linux might be a better option, particularly Mint, for those who are new to Linux OS.

One reason for this is the fact that Microsoft OS features Cortana, which is an unremovable keyboard logger that stores user information in the Microsoft cloud. Other than that, users should try to regularly update their software, and only download apps posted by trusted sources.

Do you regularly check addresses to which you send funds? Let us know your thoughts down in the comments.


Image via Shutterstock

Exit mobile version