Cryptocurrency exchange Binance is warning of an “ongoing” global threat targeting cryptocurrency users with clipper malware to facilitate financial fraud.
Clipper malware, also known as ClipBankers, is a type of malware that Microsoft calls cryware. It monitors the victim’s clipboard activity and steals sensitive data that the user copies, including by replacing copied cryptocurrency addresses with addresses under the attacker’s control.
As a result, digital asset transfers initiated on the compromised system are routed to an attacker-controlled wallet instead of the intended destination address.
“During cut and switch, the critical software monitors the contents of the user’s clipboard and uses string search patterns to find and identify a string similar to a hot wallet address,” the tech giant noted back in 2022. “When the target user pastes or uses CTRL + V in the program window, Cryware replaces the object on the clipboard with the attacker’s address.”
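The substitution described above can be caught by comparing what was copied with what actually landed in the destination field. The following is an added example, not code from Binance or Microsoft: the address patterns cover only three formats, and the function names, event format and sample addresses are assumptions constructed for illustration.

```python
import re

# Address shapes checked here (assumption: only these three formats are covered).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return the name of the address format that text matches, or None."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return kind
    return None

def check_paste(copied, pasted):
    """Classify a paste against the value the user originally copied."""
    src, dst = copied.strip(), pasted.strip()
    src_kind, dst_kind = address_kind(src), address_kind(dst)
    if src_kind is None:
        return "not_an_address"      # nothing wallet-shaped was copied
    if src_kind == "eth":            # hex addresses compare case-insensitively
        src, dst = src.lower(), dst.lower()
    if src == dst:
        return "match"
    # A different address-shaped string is the clipper signature.
    return "substituted" if dst_kind else "altered"

def audit(events):
    """events: ordered ("copy" | "paste", text) pairs. Returns alerts as
    (event index, verdict, pasted text) for pastes that differ from the copy."""
    alerts, last_copy = [], None
    for index, (action, text) in enumerate(events):
        if action == "copy":
            last_copy = text
        elif action == "paste" and last_copy is not None:
            verdict = check_paste(last_copy, text)
            if verdict in ("substituted", "altered"):
                alerts.append((index, verdict, text.strip()))
    return alerts

# Constructed sample addresses (not real wallets, checksums not valid).
COPIED = "0x" + "ab" * 20
SWAPPED = "0x" + "cd" * 20
SAMPLE_EVENTS = [("copy", COPIED), ("paste", COPIED),
                 ("copy", "hello"), ("paste", "hello"),
                 ("copy", COPIED), ("paste", SWAPPED)]
```

A wallet or exchange front end can run the same comparison at confirmation time and ask the user to re-check the destination whenever the verdict is not `match`.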
Binance, in an advisory published on September 13, 2024, said it is tracking a widespread malware threat that intercepts data stored on the clipboard in order to replace cryptocurrency wallet addresses.
“The activity of this issue has increased significantly, especially on August 27, 2024, resulting in significant financial losses for affected users,” the exchange said. “Malware is often distributed through unofficial apps and plugins, especially on Android and web apps, but iOS users should also be vigilant.”
There is evidence that these malicious applications are inadvertently installed by users when searching for software in their native languages or through unofficial channels, mainly due to restrictions in their countries.
The company also said it is taking steps to block attackers’ addresses to prevent further fraudulent transactions, and that it has notified affected users, advising them to check for signs of suspicious software or plugins.
In addition to urging users to refrain from downloading software from unofficial sources, Binance urges caution when installing apps and plugins and recommends verifying their authenticity.
Blockchain analytics firm Chainalysis revealed last month that aggregate illegal on-chain activity saw a nearly 20% year-to-date decline, although the flow of stolen funds nearly doubled from $857 million to $1.58 billion.
“Fraudsters for the most part continue to move away from broad Ponzi schemes to more targeted campaigns such as pig slaughter, work-at-home scams, squads or address poisoning,” it said, adding that there has been an “increase in usage Markets of the Chinese language and laundering networks.”