The attacker malware gain access to the clipboard of his victims device. The malware change the bitcoin address that the victim copied. It changed it to the attackers bitcoin address. So if the victim paste what is copied to the clipboard, it will be the attackers address and not the address that he copied.
If the victim wants to send his address to someone to send him some coins, it will be the attackers address that would be sent.
If the victim wants to send bitcoin to someone, he will unknowingly send the coins to the attackers address.
That is why it is good to check and recheck the address that you are sending coins to.
That is why it is good to avoid malware
Cold wallets are safer
Using QR code is effective as it does not make use of clipboard but camera.
If the victim wants to send his address to someone to send him some coins, it will be the attackers address that would be sent.
If the victim wants to send bitcoin to someone, he will unknowingly send the coins to the attackers address.
That is why it is good to check and recheck the address that you are sending coins to.
That is why it is good to avoid malware
Cold wallets are safer
Using QR code is effective as it does not make use of clipboard but camera.
Thanks Charles,
BTC addresses are difficult to identify with the naked eye, so many people do not bother to double-check visually, which can easily lead to errors.