Clipper malware used to steal cryptocurrency funds

Hackers are using new malware methods which lift copy-and-paste data to steal cryptocurrency from unsuspecting victims.

The malware, called a ‘clipper’, replaces users’ crypto addresses with the hacker’s own address when copy and pasting.

Cybersecurity researcher Lukas Stefanko discovered the exploit earlier this year. It is most often deployed through fake or infected apps on the Google Play store.

It is believed that similar malware has been used on Windows devices from as early as 2017.

The exploit, which is still being used today, waits for users to copy a receiving cryptocurrency wallet address and then hijacks the clipboard of a users’ machine to replace the paste value with the hacker’s wallet address.

This results in cryptocurrency users sending their funds directly to a wallet they don’t control.

The exploit works so well because many users neglect to double-check the pasted address, instead relying on the copy-and-paste data to be accurate.

The malware is delivered through downloads, some of which are impersonations of legitimate cryptocurrency software such as MetaMask.

Stefanko claims that the malicious downloads aren’t restricted to dodgy sites or app stores, and some are even being downloaded through highly trustworthy sites such as CNET.

The need for user-friendly addresses

Many cryptocurrency experts have called for user-friendly wallet addresses that are easier to remember or recognise at a glance but which don’t compromise on cryptographic security.

Current addresses, which may be in excess of 34 characters long and case sensitive, are incredibly difficult to read and compare, which is why most users rely on copy and pasting to ensure they’ve got the right address.

Stefanko wrote on Bitcointalk, the popular Bitcoin forum where the exploit was first revealed, that:

“Even if you check part of the pasted Bitcoin address, chances are the first few characters are the same, and you still won’t notice the address was changed.”

Avoid falling prey to malware

The most simple way to avoid falling prey to such scams is to double-check every single digit of a pasted cryptocurrency address, no matter how tedious this may seem.

Stefanko also warned against using Windows software such as Cortana, as the built-in AI helper contains key-logging capabilities which could be used by hackers.

Multiple entities have been blamed for the proliferation of cryptocurrency malware, from shady organised criminal gangs to highly clandestine North Korean hacking groups.

If you’d like to learn more about the threats of crypto malware and steps you can take to protect yourself, read here.