Bitcoin Forum

If you are using wallets on PC and you are also receiving emails and browsing the Internet on such pc make sure you watch your step very well, there is a malware out there that can swap the address you want to send coins to with a scammers address, I was so lucky to noticed this and I have the habit of cramming the last three alphabets of the receivers address after clicking on copy. May we not work for scammers to enjoy our hard work in the end.


Things are back to normal after I formatted my PC

Linking this thread created by @LoyceV in case there is someone who is new to this type of problem called "Clipboard Hijacking".

[1] How to lose your Bitcoins with CTRL-C CTRL-V (https://bitcointalk.org/index.php?topic=5190776.0)

Just a suggestion. Check the entire address string to see if the pasted address is the same as the source. Only checking the first/last three characters is not a good practice since the middle part can be modified, which can be tough to spot if you are not paying attention.

This malware has been known for a long time, and we call it in general clipboard malware (https://www.pcrisk.com/removal-guides/15815-clipboard-hijacker-malware), and that's exactly what you described. The precautions that every crypto user should take should consist of trying to prevent such malware from getting into our system at all. This would include the following actions:

• Never click on suspicious links presented through e-mail and social networks, but also do not click on advertisements that can also lead to malicious content.
• Be extremely careful when downloading all media files directly or via torrent, and when visiting xxx websites - it would be best to have a separate device for such things.
• Get proper antivirus/malware protection to protect you in case you still make a mistake.
• Always check all the data in your crypto wallet before confirming the transaction by clicking on the preview option, with special emphasis on the accuracy of the address to which you are sending coins.
• However, if you are not a careful enough person and bad things often happen to you, invest in a hardware wallet that will additionally protect you by forcing you to raise security to a higher level.

The importance of this cannot be overstated, some persons only think in the direction and fear the possibility of virus entering their PC and not Malwares. Some malwares are as dangerous, even more dangerous than some virus. A friend of mine had a malware in his PC that was actively taking screenshots of his PC screen and sending to a source, had he not noticed it on time, it would have done a great deal of damage to him because he does all business transactions and related from his PC. Get a good malware protection because these things are real.

Ideally, physically or using a operating system which supports compartmentalization, therefore isolating it from your daily activities is the best approach. I'm an advocate for Qubes OS which not only isolates each qube from another i.e instances of a operating system, it can optionally isolate your network from them too. There's also options to have a disposable sys-net, which upon rebooting resets it back to the template, so if you did get compromised it would only be for that session.

Although, even without isolation techniques, you can avoid most problems by not downloading anything that you haven't verified to be legitimate.

I actually consider anti viruses to be worse than just following basic security protocols. They slow down your computer, they often come with bloatware, and they're intrusive via unnecessary notifications. Also, some people have claimed they falsely identify problems, just so you think they're working.

An Anti Virus is a glorified database checker, they don't use anything impressive, and they aren't effective against new attacks, until they've been found, and put in the database. This often nulls people into a false sense of security. So, are anti viruses beneficial? Probably to some people, but like I suggested above you can easily avoid most of the pitfalls by not doing risky stuff on your computer.

That is the thing we suppose to do but only techy people who able to do this while others don't care about it and they mostly receive the consequences due to ignorance. Even we do much care of our PC and install blocking apps, we can't still assure that everything will be okay and totally safe as these apps couldn't give 100% safety on your PC. Some leaks could be considered especially when accidentally clinking links that contain malware or virus.
Well, the best way is not to save important information to our PC or laptop, especially when it includes private keys and bank accounts.

You'll find that the more technical people will avoid anti viruses for the reasons I mentioned above. I actually see anti viruses to be more tailored towards those that don't know much about computers or using them safely. For example, and I do hate giving this an an example as it comes across as stereotypical, but it's not meant to be that way; a older generation person that hasn't had much interest in computers, will likely be more inclined to use anti virus because they don't have the knowledge to secure themselves. However, while there's nothing wrong with this approach, there's definitely a element of risk here, since that person will likely assume that they're safe from all attacks, and therefore will be more complacent, when in fact they aren't completely secure.

Your data is 100 percent going to be leaked at some point, if it hasn't already been so. This is nothing to do with your personal security (although you can mitigate it by providing fake/temporary data), but the services that you use. For example, the most popular websites in the world have been hacked, and have had their data leaked. This forum has been hacked, and user's passwords, and other information was leaked. So, avoiding leaks is impossible if you use the internet, and sign up to services.

However, like I briefly mentioned you can mitigate that risk by providing fake or temporary data that is website/service specific. Although, most people don't do this because of the issue with convenience.

As someone who has tried at least 15 or more commercial home AVs over the years, I can say that there are indeed those that are difficult to configure, have an impact on the system, and can cause inconvenience to the user. However, there are security solutions that are the opposite, and their presence on modern computers is almost invisible if we look at CPU or RAM usage.

For example, I will say something about my experience with Norton Security, which I consider almost perfect. RAM consumption is generally less than 100 MB, while CPU goes from mostly 2-5%. By comparison, Firefox with 4 open tabs consumes over 1 GB of RAM and close to 10% CPU. For a computer with 8 GB of RAM and a modern processor, no AV will be a problem with resource consumption.

I agree that protection depends on what the antivirus definition database is and how often it is updated - but also on how good heuristic analysis (https://en.wikipedia.org/wiki/Heuristic_analysis) it has, which means that it can fight against those threats that have not yet been added to the antivirus database.

See, I've found Norton to be quite intrusive, the thing is as computers advance, so does their hardware, so the effect of the program isn't noticed as much as time goes on. Put Norton on a older system, which doesn't have the latest ram, and CPU, and you'll see an issue. Although, I can't personally claim either way if its good or not in terms of resources, since I haven't seen it personally.

Although, why I find it intrusive is because it constantly tries to push additional products onto you. For example, I have friends that use it, and I've seen that they try to push Norton's own version of a VPN. The only saving grace is that they do claim not to keep logs for their VPN's. Although, according to this (https://uk.norton.com/internetsecurity-privacy-what-is-a-no-log-vpn.html) they do collect some data, which is too broad to see if any of that information could be deemed invasive. However, I'm not a fan of the advertising that these services do, even if it is their own products. I believe they're enabled by default, and can be turned off through the settings.

As for their capabilities in protecting its users, I'd have to see some compelling data to change my mind on it. Heuristic_analysis generally is very limited, and more often than not identifies false positives. I've had code I've written been flagged by anti virus systems, so I know they're definitely flagging up false positives. Most operating systems have built in systems these days, Windows has Windows Defender, which practically does the same thing, a part from a few variations. Obviously, Linux can differ per its distribution. Mac OS I'm not entirely sure how that works, as I've never touched one of them for long enough to take a look. If you have a built in system that you can't disable (Windows Defender), then you are effectively adding another similar application to the current usage of that application too. So, that should be factored in.

I'm going to sound like a broken record here once again, but if you truly care about security, and internet security there's no better operating system than Qubes OS. I've recommended this so many times, I almsot feel like a personal sales agent for them, but it's completely free, and uses virtualisation technology to separate instances known as Qubes, which means even if one of them was compromised, it's unlikely to be able to infect others, which reduces your risk massively.

For example, you could have a dedicated Bitcoin wallet qube which you plug your hardware wallet into, sys-net the qube that handles the network supplies the connection to that qube. If sys-net gets compromised, it doesn't mean that the qube will, and you could potentially set sys-net as disposable so upon reboot it resets to the default, and effectively gets rid of any threat. The best anti virus to me, is compartmentalizing your system by default, so if you're compromised it doesn't compromise you entirely. Anti Virus's do attempt to isolate the threat before it does any damage, but there are no guarantees of that.  I'm not going to go into this rabbit hole as I'm afraid it'll go too off topic. However, while I agree with the OP's statement that you should be careful, the only way you can truly be sure, is via isolation, even then there are definitely risks, but it's the most secure way other than not using the internet at all. Obviously, I'd recommend against using hot wallets when not necessary anyhow, and strictly use cold storage.

This all obviously depends on your threat model. Most viruses aren't very sophisticated, and they don't need to be, because they aren't meant to be attacking high profile people. Instead, they often try to advertise or collect data.

Good recommendation welsh I will give Norton antivirus a try, maybe if I have a strong antivirus installed in the first place maybe none of this wouldn't have happened, thank you.

Well, I am 56 years "young" (no offense taken though), so you could say I'm an "older generation person", but I have been very interested in computers since I was little, yet I don't feel I have the knowledge to effectively protect myself. I find there are so many different classes of attacks, it's overwhelming.
Incidentally I switched to Linux more than a decade ago, and felt somehow secure because of it, but since I started on cryptocurrencies I wouldn't bet on it.


Nothing is impossible. It just takes work, and, like you said, it may be inconvenient at times, but it can be done, and it has been done. Now they say web 3.0 will be more focused on personal security and privacy. We'll see...


I used Norton once in 2005, on a computer I knew, for a fact, was infected. It didn't find anything, even when running it in "safe mode". Then I did a google search and found Spybot S&D. on the first run, it found about 1800 viruses. On a second run on "safe mode", it found another 300. I never used Norton again.

Don't get me wrong, if you don't consider yourself up to the standards to protect yourself online, then by all means install a anti virus, but definitely keep in mind that it doesn't protect you fully, and therefore there's a chance that you could become complacent, and neglect security advice that you wouldn't if you didn't have the anti virus.

If your anti virus doesn't collect data on you, doesn't advertise crap, and doesn't use too much of your resources, then there isn't too much of a problem. Although, you can absolutely mitigate the risk without a anti virus, like I said by downloading only from trusted sources, having scripts turned off by default on your browser, flash, and other media turned off by default, and by verifying signatures even if you trust the website your downloading from, since you want to be absolutely sure that website hasn't been compromised.

Yeah, it's definitely not meant to offend. I just thought that's the easiest way of explaining it that some people will be able to relate too. It's a fact that some older generation people are more up to scratch with security than younger, in fact this isn't always down to having more knowledge about their computer, but fear of using it if that makes sense.

Security is very complex, like seriously it's very complex to the point that I doubt anyone follows all the recommended steps, that's when anti viruses do offer some protection, but as stated the complacency that could introduce shouldn't be underestimated.

Linux has some benefits to it, like for example root permission often has to be elevated, although it entirely depends on the setup that the individual has. Although, Linux definitely does have some built in protection just by how it usually ships, and the fact that most viruses will be adapted to those running the most popular operating system, which is currently Windows I believe.

Running a Linux system doesn't mean you're automatically secure though.

I'd go as far to say that inconvenience along with complacency is the leading cause to infection. I can't prove that, but that's my gut feeling.

The bare minimum for me when using conventional operating systems (i.e not Qubes) is complete reinstall of the operating system infected, and a full reset of the router. This will prevent most non sophisticated attacks. Although, it's possible to survive formats, router resets, and bios infection, however this usually isn't the case for the vast majority of infections.

One can never be too careful to the point of paranoia. I also make it a point of duty to check the first three or four alphabets in the address I'm sending to, then the middle and end alphabets. I try as much as I can never to be in a hurry while on a financial transaction. With cryptos, I triple check. No hurry in life. Going forward, I think people should restrict links they click for a lot of these malware come from sites we visit, especially porn sites.

I'm curious why we don't have such with mobile phones since we also have clipboards with phones.

I tend to agree, but really it should be balanced. I've had this issue myself where I tend to look at things from a paranoid perspective, but then it isn't always rational to look at things that way. It usually means you're doing additional steps when it really isn't needed.

Personally, I recommend everyone picks a certain threat model (i.e personally defined strictness), and stick to it strictly.

I find it mind boggling that Android hasn't implemented a permission based system for accessing the clipboard, because it already has the fundamentals there. Especially, when a clipboard could be considered on of the biggest security flaws that users will fall victim too.

I think such malicious trick is possible on mobile phones by downloading a third-party keyboard, they always ask for some access that you don't want to accept, I find such keyboards unsafe to use.

Better safe than sorry, I would say. Those who overlook security measures often pay dearly for that. I rather be thought paranoid than being called a victim. But I get your drift.

Anything third party, not just keyboards, seeking permission to certain files on my phone scares me. I usually abort the process once I get that warning, no matter what I'm trying to work on. So, I can say Android does warn users too.

Reinstalling Windows won't help you in the long run if you don't change your habits. Clipboard malware is pretty tame compared to worst cases - full control over your PC, keylogging your passwords, stealing private keys from memory, etc. You need to have your wallet in an isolated environment - a cold storage or a hardware wallet or a system like Qubes OS, and you need to stop getting your offline machine infected - use open source alternatives instead of pirating software or downloading it from shady links and don't download anything from unverified sources at all.

Besides formatting your PC, I figure you’re being extra careful and selective when reinstalling software back on to it. Often, these situations occur after installing some unknown or hacked software, and reinstalling some given (rouge) software could lead to reiterating the issue.

Out of curiosity, have you managed to pinpoint or narrow down what software installation could have been the root cause of your problem?

Norton was then just an antivirus program, without detecting adware, spyware, or malware - and that's exactly what a specialized program for such things discovered - I know that because I used Spybot at the same time. In everything that that program found on your computer, most of it was probably pretty harmless, and I'm sure it wasn't viruses. It's like comparing Malwarebytes to any AV program today, this first one is synonymous when it comes to fighting malware.

---

Just a few minutes is enough to personalize the program, which includes this option - and I have it turned on and get 1-2 notifications in a week, sometimes not even one. I understand that there are much better ways to protect, especially if the computer has anything to do with cryptocurrencies - but as for me personally, I do not deal with any risky things, I have a hardware wallet and protection with antivirus + premium Malwarebytes and regular system updates are quite enough for me - and they do not burden the system to the extent that it would bother me. At this point, it’s the level of protection I can live with and feel safe with.

Yeah, when your responsible for your own money or anyone else's for that matter I tend to be a lot more paranoid, which is a good way of looking at it from that point of view because you are less susceptible to complacency, which has I've suggested I believe is one of the leading factors to people getting infected, and losing money.  

Yeah, Android at least has a decent permission system, although I do think it could be improved with slight additions. However, if your downloading questionable third party applications in the first place, that permission system might already be compromised, depending on their level of sophistication. Of course, most aren't that sophisticated like previously suggested, however when you're responsible for your money, being extra careful is likely the better route.

Yeah, I guess my point is anti viruses can introduce complacency, and as long as you're aware of that you can mitigate it. Although, an anti viruses can also be a waste of money, if you aren't downloading untrustworthy stuff from the internet, and aren't surfing the web unprotected (noscript etc) then you're pretty much good to go.

Anything that can be verified should be verified, and anything that doesn't offer signatures to verify should be considered not worth the risk of downloading in my opinion. I know it can be tedious at times, but that's exactly why complacency creeps in.

Thanks for sharing your experience and thanks to God you didn't loss anything. Yea, it's quite important to check the address multiple times that you copied and that your past. It's not only on PC, hackers could take control of your mobile devices as well. So whatever device you have been using needs to make sure the address is right. I often verify the address multiple times to make sure. I always check the last and first few digits of an address when sending funds. So even there is an attack could notice easily.

I usually check the string character by character before accepting the transaction.  Whenever I am in a hurry or lazy enough to care however, I tend to only check first and last 5 characters plus 4-5 characters from the middle.  I have a question for someone with enough knowledge to provide an accurate answer.  What are the chances I fall under this scam if I verify around 15 characters of the address string, if even possible at all?

-
Regards,
PrivacyG

Well, I'm kinda paranoid, so I check the whole string like 7 times before accepting it... ;D
And even after that, that waiting period to get the transaction approved is terrible. I guess I'll get used to it after a while, but right now, it really drives me crazy...

This malware you're talking about has also been encountered by my cousin few months back on his laptop. He was about to send some BNB BEP20(Binance Token) to one of his wallets and noticed that the address he pasted has been changed to another address. It is a good thing you also checked the last few characters of the address to confirm it. I also have this practice of confirming the first and last few characters of the address making sure that it was correct, it's better to always double check than lose money. Thank you for sharing!

Yes, this malware is indeed disturbing. Sometimes we are careless and accidentally click on a link and end up losing our set. It is also the world of technology and online, this situation is indeed vulnerable and often happens.
Some hackers send this malware through some links that seem very neat and not suspicious.

Lucky that you can avoid all of this. Hopefully, this will be a valuable experience for you and others too.
This, once more, tells and notices us that we must be more careful everytime going to do something, moreover related to the wallets of our assets, sending any transaction, online wallets, and other activities. It may not only happen to the wallets but also other sensitive data or transaction.

As many as 7 times and the whole coin address is really a bit paranoid, it is enough to check the first and last 4-5 characters unless you send a transaction that is really valuable. As for the speed of transaction confirmation, you need to learn how to interpret mempool (https://jochen-hoenicke.de/queue/#BTC,24h,weight) and adjust your fee accordingly if you want your transaction to be confirmed in the next block.

As far as I can see, there were times when you had to pay more for the next block in the last 24 hours, but currently, you can pay the minimum price and get a confirmation in the next block - but again, keep in mind that the time between blocks can sometimes be up to 60 minutes, although this is on average every 10 minutes.

Yeah, it is.  ;D However, checking just a few characters is a mistake, no matter how you spin it. One character is switched somewhere else, and you lose your funds. It doesn't have to be a hacker, it can just be a mistake. Check it only once, if you like, but check the whole thing.
About block time, thank you, I'll give it a read. In any case, when you're new any delay is a nightmare, and BTC is kinda slow... So, yeah, I'd definitely gonna read a lot more about it. 

So everyone talks about the copy paste malware on the pc before you send the btc.


Now before you click on send... is it true you only need to take a look at the first few and last few letters of the btc address you are sending to?  People say malware could change it but when they do change it, as long as you look at even the first few letters of the btc address you are sending to, isn't it going to be noticed immediately since its not like they could get the first few letters of the btc address you are sending to the same?

No, it's not. It's a shortcut, and like all shortcuts has a degree of danger. You should check THE WHOLE ADDRESS once you paste it. If you check the first and last few characters, there's always the possibility that (for whatever reason) one of the other characters may be changed, and you'll lose your money. It just takes a moment, verify the whole string.

If you get any malware or keylogger on your pc, do hot wallets of yours automatically become at risk?  For example let say you have software wallets on your pc like electrum or exodus etc.  Those are protected by your seed phrase.  But of course when you log in your pc, you type in your password to each of the accounts to log in.



If you get some kind of malware or anything like that on your pc, does that mean a hacker literally could record any keystrokes you done and literally open your electrum or exodus or other software wallets with the password and then send the coins to their own wallet?  Thus this way even if they don't have your seed phrase it doesn't matter because your computer is compromised?



So could a virus do that?  Or only keyloggers and malware?  I also heard of RAT - Remote Access Trojan... so that would be another method?  So whether you have your computer turned on or not, they literally could empty your software wallets if you just have your password?  Whether your password was typed... or say your password is in a password manager and they could record any keystrokes of you entering your password manager or whatever you are copying/pasting with the password for electrum or exodus?  I also heard if you have teamviewer installed, you need to remove that as well.  So keyloggers, malware, RAT, teamviewer... and what else can cause this? 



If you click on a link and it downloads something to your pc but you do not open it, are you still safe?  If you click on a link but do not do anything are you safe as long as you don't enter anything?



Now if you use windows defender which is free and say malwarebytes the free version, you could catch these malware very easily?  But if you have paid computer security like bitdefender or kaspersky and programs like that... it would detect it the moment you download/open it?  So windows defender isn't as strong and would allow it?



Also what about visiting websites?  I heard of sites where you go there, it would automatically download into your browser.  But if you have bitdefender, kaspersky and those things, would that protect you? 



What about visiting a website that shows as insecure but you are manually entering it and visiting it?  If you click on that website, bitdefender and kaspersky would give you an alert?  What about windows defender?

My little cousin lost 2000 stratis coin to this crypto address swapping malware in 2019, at first we thought someone came into the house and steal the coins but later we found out that every time he copies his own address and try to paste it the address change automatically.

Could you remove this malware with your antivirus or you have to reinstall your machine?