Hackers are currently stealing cryptocurrencies with a relatively new type of malware that replaces the recipient address between copy and paste.
Ctrl+C, Ctrl+V? Leave it at that
According to a February report, security researcher Lukas Stefanko discovered that hackers had used infected crypto apps to get clipper malware onto Google Play. In a blog post called “First Clipper Malware discovered on Google Play”, the researcher explains how the malware can steal the coins of crypto users.
The malware has a very simple and dangerous purpose: to intercept the public wallet addresses that users copy and paste. When a user copies an address, the malware replaces it with the hacker’s address.
If the user then pastes the address via CTRL+V, it is no longer the one they originally copied. However, this is usually not noticeable, as crypto wallet addresses are extremely long and look random.
The problem is also discussed in the BitcoinTalk forum, where a user warned others against copying and pasting addresses using CTRL+C and CTRL+V. According to the user, checking the first few characters is not enough to confirm the correctness of the address.
Often enough, the first few characters match – and the user may not notice that the rest is incorrect.
Stefanko himself called the malware very dangerous and explained:
“This dangerous form of malware first appeared on the Windows platform in 2017 and was discovered in shady Android app stores in the summer of 2018. In February 2019, we discovered a malicious clipper on Google Play, the official Android App Store.”
Hackers love crypto
The malware’s capabilities make it quite dangerous, and the fact that it can even be found on some prominent software hosting sites only confirms that the researchers are rightly concerned.
The malware discovered in the Google Play Store impersonated MetaMask and tried to steal users’ Ethereum coins once they downloaded the app. Ethereum coins are often the target of hackers – be it from users’ private wallets or from crypto exchanges such as Upbit.
Of course, Bitcoin is still one of the most targeted coins, if not the most attacked cryptocurrency. Even the largest crypto exchanges like Binance are often unable to defend themselves against a hacking attack – which shows how innovative attackers have become.
Always check addresses conscientiously
As far as dealing with clipper malware is concerned, security researchers have suggested paying particular attention to the address that users enter on the payment form. Crypto addresses are long and bulky, so checking each character is extremely important.
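The advice above, as an added example that is not part of the original article: a small Python helper compares the address you intended to pay (assumed here to come from a second, trusted source such as the recipient's invoice) with what was actually pasted, and shows a first-few-characters check passing while the full comparison fails. The two addresses and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample values, not real wallets: identical first 8 characters.
INTENDED = "0x4a9f3c11223344556677889900aabbccddeeff00"
PASTED = "0x4a9f3cffeeddccbbaa00998877665544332211ab"


@dataclass
class Verdict:
    full_match: bool           # every character identical after normalization
    prefix_match: bool         # what a "first few characters" glance would see
    first_diff: Optional[int]  # index of the first differing character, if any


def normalize(addr: str) -> str:
    """Strip stray whitespace; fold case only for 0x-prefixed hex addresses."""
    addr = addr.strip()
    # Hex (Ethereum-style) addresses name the same account in any letter case.
    # Other formats, such as Base58 Bitcoin addresses, are case-sensitive.
    return addr.lower() if addr[:2].lower() == "0x" else addr


def compare_addresses(intended: str, pasted: str, prefix_len: int = 6) -> Verdict:
    """Compare the address you meant to pay with what landed in the form."""
    a, b = normalize(intended), normalize(pasted)
    first_diff = next((i for i, (x, y) in enumerate(zip(a, b)) if x != y), None)
    if first_diff is None and len(a) != len(b):
        first_diff = min(len(a), len(b))  # one is a truncation of the other
    return Verdict(a == b, a[:prefix_len] == b[:prefix_len], first_diff)


def grouped(addr: str, size: int = 4) -> str:
    """Split an address into short groups so it can be read off group by group."""
    addr = normalize(addr)
    return " ".join(addr[i:i + size] for i in range(0, len(addr), size))


if __name__ == "__main__":
    v = compare_addresses(INTENDED, PASTED)
    print("prefix check passes:", v.prefix_match)
    print("full check passes:  ", v.full_match)
    print("first difference at index", v.first_diff)
    print("intended:", grouped(INTENDED))
    print("pasted:  ", grouped(PASTED))
```

Reading both grouped strings side by side is the manual equivalent of the full comparison: every group has to match, not just the first one or two.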