Called ‘clipper’, the dodgy virus allows fraudsters to secretly implant their own digital wallet addresses when a computer user copies and pastes what they believe are their own details. The sophisticated software then snatches transferred crypto like Ethereum and bitcoin, never to be seen again. The shady practice was uncovered by cybersecurity expert Lukas Stefanko, and is believed to be rife in fake or compromised apps in the Google Play Store.
In almost all cases, cryptocurrency wallet addresses are made of a long string of letters and numbers in order to make them secure. However, rather than typing the addresses out, most users copy and paste them to save time.
This is where the clipper malware is designed to rip out the user’s secret details.
“It intercepts the content of the clipboard and replaces it surreptitiously with what the attacker wants to subvert,” Stefanko explained.
“In the case of a cryptocurrency transaction, the affected user might end up with the copied wallet address quietly switched to one belonging to the attacker.”
Since being identified, the clipper malware has been largely used to penetrate the wallets of Ethereum holders, although Stefanko says other cryptocurrencies are being targeted.
“The malware’s primary purpose is to steal the victim’s credentials and private keys to gain control over the victim’s Ethereum funds,” he added.
“However, it can also replace a bitcoin or Ethereum wallet address copied to the clipboard with one belonging to the attacker.”
Although it is a lengthy and tedious process, the cybersecurity expert advises double-checking every character of a pasted address to ensure it is the user’s own.
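The character-by-character check advised above can be automated. The sketch below is an added example, not code from the article or from Stefanko: it compares the address read from a trusted source with the value that was actually pasted and reports every position that differs. The function names, the loose address patterns and the sample addresses are assumptions made for the illustration.

```python
import re

# Loose address shapes, used only to pick a comparison rule (an assumption of
# this example, not a full validator).
ETH_RE = re.compile(r"0x[0-9a-fA-F]{40}")
BTC_RE = re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[0-9a-z]{11,71}")


def classify(addr):
    """Return 'ethereum', 'bitcoin' or None for an unrecognised string."""
    if ETH_RE.fullmatch(addr):
        return "ethereum"
    if BTC_RE.fullmatch(addr):
        return "bitcoin"
    return None


def check_pasted(expected, pasted):
    """Compare the address read from a trusted source with the pasted one.

    Returns (ok, reason, diff_positions); positions are 0-based indexes
    into the whitespace-trimmed strings.
    """
    expected, pasted = expected.strip(), pasted.strip()
    kind = classify(expected)
    if kind is None:
        return False, "expected value is not a recognised address", []
    if classify(pasted) != kind:
        return False, "pasted value is not a %s address" % kind, []
    if kind == "ethereum":
        # Hex digits mean the same in either case, so ignore case here.
        expected, pasted = expected.lower(), pasted.lower()
    diffs = [i for i, (a, b) in enumerate(zip(expected, pasted)) if a != b]
    # Any length difference counts as mismatched trailing positions.
    shorter, longer = sorted((len(expected), len(pasted)))
    diffs.extend(range(shorter, longer))
    if diffs:
        return False, "address was altered between copy and paste", diffs
    return True, "pasted address matches the copied one", []


# Constructed sample values, not real wallets.
COPIED = "0x" + "1a2b3c4d5e" * 4
SWAPPED = "0x" + "1a2b3c4d5e" * 3 + "9f8e7d6c5b"

if __name__ == "__main__":
    for candidate in (COPIED, COPIED.replace("a", "A"), SWAPPED):
        print(candidate, check_pasted(COPIED, candidate))
```

The comparison is only as trustworthy as the expected value, so that value should come from somewhere the clipboard never touched, such as a saved address book entry or a scanned QR code.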