A New Clipboard Attack

[jak3]

Guys one of my pal reported to me that his bitcoins where hacked becuause he pasted his bitcoin address and a different address gets pasted and he just sent coins to that address. when I checked that address I realized that many users get fall under this typo attack. its basically infecting your device with a virus which keeps storing the hackers bitcoin address in your clipboard so when ever you are pasting anything then that address will be pasted.
Here is the hackers address : 13ywdpLJ9iEA93BtCwez2w8zXFPWxoDota

[ahmedjamal1998]

First of all sorry for your friend's loss. Hope he didn't lose much.

Actually I heard this story a couple of times here. That's why everyone should proof-read the address and make sure that it's the one you need before pressing the send button.

[Zepher]

Damn.. 26.5+ accumulated so far. At current rate, that's over $40,000. Could be one of many addresses as well.

[Chevas Regal]

Clipboard hijack is one of oldest tweaks that prevail on web and it is good shame to see many hackers are exploiting it to steal bitcoin.
A simple JavaScript based demo: http://joeba.in/copy_hijack.html

[chaser15]

Guys one of my pal reported to me that his bitcoins where hacked becuause he pasted his bitcoin address and a different address gets pasted and he just sent coins to that address. when I checked that address I realized that many users get fall under this typo attack. its basically infecting your device with a virus which keeps storing the hackers bitcoin address in your clipboard so when ever you are pasting anything then that address will be pasted.
Here is the hackers address : 13ywdpLJ9iEA93BtCwez2w8zXFPWxoDota

UP for this!

But wait, it's usual for an average joe to know if the copied address is the same as the actual one. For a newbie, they are even checking it multiple times because they are new to bitcoin transaction system (same as I did back in my newbie days and just learning the interface of the wallet). How come your friend never noticed that the one copied is a wrong one? Also there is a confirmation before hitting the send the button depends on the wallet they used.

Or that virus clone the actual copied address but the real one copied to the clipboard is the address you pasted. Something like hidden. Well I don't think that is possible after all?

[AdolfinWolf]

Clipboard hijack is one of oldest tweaks that prevail on web and it is good to see many hackers are exploiting it to steal bitcoin.
A simple JavaScript based demo: http://joeba.in/copy_hijack.html

Why is it good to see normal bitcoin users lose their bitcoin, for which they probably worked hard for? Is that fun?

These kind of things are what's keeping bitcoin from going mainstream aswell.  These kind of hacks/viruses intrigue fear.

Just imagine if someone loses their lifesavings which they've put in BTC due to this? It surely won't improve the PR of bitcoin, I can tell.

Seems a bit immoral to me..

[Zepher]

...it is good to see many hackers are exploiting it to steal bitcoin.

Say what?

I don't agree with your stance that this is a good thing. Bet you would reverse your position if this somehow happened to you - as unlikely as it may be considering your knowledge on the subject.

[Chevas Regal]

...it is good to see many hackers are exploiting it to steal bitcoin.

Say what?

I don't agree with your stance that this is a good thing. Bet you would reverse your position if this somehow happened to you - as unlikely as it may be considering your knowledge on the subject.

Lol..im onto mobile...i meant with the above quote that the tweaks is really good and old but hackers are using it to exploit bitcoin. You understood it wrong...my intention was not praising hackers..

[Patatas]

Unfortunately,only the newbie victims fall for it.Pretty sure an experienced bitcoiner is cautious while doing transactions. Doesn't matter how low the amount is,I'll make verify it couple of times that I've pasted the correct address as I copied from the source.Being extra careful about your money helps.Clipboard hacks are probably the oldest in the bitcoin hacking scene.

[robelneo]

For more information about that attack you can read this article the virus is known as Coinbitclip trojan and everybody should be aware of this you must look at your wallet address first three digit at the beginning and at the end

https://www.hackread.com/coinbitclip-trojan-threat-to-bitcoin/

[khufuking]

It is really sad specially that most will fall in this is newbie that prob worked really hard to collect there BTC to just lose it that way . i have read the article and it looks like this trojen is out there since 2011 . anyway it is always good to recheck the first 3 and last 3 numbers to the wallet you will send too wither you are newbie or not

[jak3]

Clipboard hijack is one of oldest tweaks that prevail on web and it is good shame to see many hackers are exploiting it to steal bitcoin.
A simple JavaScript based demo: http://joeba.in/copy_hijack.html

thanks for this little helpful explanation. i can be used to demonstrate the effect or the scenario of that attack to other newbies who hasn't ever faced any situation like this.

It is really sad specially that most will fall in this is newbie that prob worked really hard to collect there BTC to just lose it that way . i have read the article and it looks like this Trojan is out there since 2011 . anyway it is always good to recheck the first 3 and last 3 numbers to the wallet you will send too wither you are newbie or not

i think every wallet should have a feature that even ever we paste or type a valid bitcoin address they should show the address's balance at a side. This can help to prevent a lot of scams like this. at least my bot does that

[judeafante]

Clipboard hijack is one of oldest tweaks that prevail on web and it is good shame to see many hackers are exploiting it to steal bitcoin.
A simple JavaScript based demo: http://joeba.in/copy_hijack.html

thanks for this little helpful explanation. i can be used to demonstrate the effect or the scenario of that attack to other newbies who hasn't ever faced any situation like this.

It is really sad specially that most will fall in this is newbie that prob worked really hard to collect there BTC to just lose it that way . i have read the article and it looks like this Trojan is out there since 2011 . anyway it is always good to recheck the first 3 and last 3 numbers to the wallet you will send too wither you are newbie or not

i think every wallet should have a feature that even ever we paste or type a valid bitcoin address they should show the address's balance at a side. This can help to prevent a lot of scams like this. at least my bot does that

That is a good feature,can you tell us the kind of bot you are using and is it free or paid or is it customized to your need,this will avoid scenario of sending your coins to other wallet,but you also need a very powerful anti virus like karspersky or bitdefender.

[actmyname]

i think every wallet should have a feature that even ever we paste or type a valid bitcoin address they should show the address's balance at a side. This can help to prevent a lot of scams like this. at least my bot does that

There's nothing too difficult about double-checking the address that you're sending funds to. After all, why not be careful when you're managing financial transactions? One wrong misstep could be fatal.

but you also need a very powerful anti virus like karspersky or bitdefender.

For what? I'm sure that it isn't too difficult to be cautious on the internet, or to use a virtual machine, right? After spending years online, I decided to scan my PC. Clean as a whistle, of course.


At the end of the day, most ill results stem from the victim and though I do not encourage scammers, it is ignorance and recklessness that fuels their efforts.
(waiting to get hacked now)

[aioc]

I am not aware of this trojan but I do make sure that my wallet address is correct I look at the wallet several times to fully check that the wallet is indeed correct,it pays to do this since there's no charge back.

[Chevas Regal]

I am not aware of this trojan but I do make sure that my wallet address is correct I look at the wallet several times to fully check that the wallet is indeed correct,it pays to do this since there's no charge back.

If you are a true bitcoiner and do a number of transactions a day like 40-50 then it can be troublesome for you to look every single bit of address copying and pasting, the joke is that the address will always have initial and final 2-3, 3-4 bit same respectively  but middle order will be different. If you are busy and do a multiple transaction then there is 6-0-70% chance that you will get the address unnoticed. The only need for the cracker is that he need to find a fat victim who has a turnover of 6-7 btc a day or more and he can rip them.

i am not saying a joke but people wait for such victim for months and years from spreading to deployment of payload.
_______________________________________________________________________________ ________________________________

Moreover the funny thing is that almost all antivirus will get i unnoticed , the only fool proof detection is malwarebytes. If one antivirus detect it then they will fud it with more rouge NJRat.

If someone is willing to see a demonstration then let me know , i can help them to understand the concept with a live demo with working but it will only for demonstration.

It is really sad that some responsible people understand things in a wrong way but also don't understand the effort one is trying to make people aware of threats.

[jak3]

guys i found another clipboard attack from the address 13JF5274VuNthhwKkLrYyZW73smjSYAEen please be aware from the attack as it is now spreading day by day.

[Zepher]

guys i found another clipboard attack from the address 13JF5274VuNthhwKkLrYyZW73smjSYAEen please be aware from the attack as it is now spreading day by day.

Is this mobile or desktop/laptop?

I would like to know how users devices are being infected, installing a dodgy app on their phone, or just clicking unsafe links on your desktop or laptop.

I do know that the Google Play Store is full of apps that have malware imbedded in them, that many apps that Google cannot keep up with the removal of them as new ones keep being added. Some take weeks to be noticed/found.

All I can say is be vigilant people. Currently there are a number of scams going, a current one here on the forum is the following:

Being PM'd by a newbie user who says:

Dear xxxxxx

I have replied to you.

[insert legit "looking" bitcointalk link*]

* this is not legit at all. If you hover over it, it does not turn green like legit links on this forum will, you will also find it redirects to a totally different site.
Do NOT click on such links, and be wary of such PM's from a newbie user.

[jak3]

guys i found another clipboard attack from the address 13JF5274VuNthhwKkLrYyZW73smjSYAEen please be aware from the attack as it is now spreading day by day.

Is this mobile or desktop/laptop?

I would like to know how users devices are being infected, installing a dodgy app on their phone, or just clicking unsafe links on your desktop or laptop.

I do know that the Google Play Store is full of apps that have malware imbedded in them, that many apps that Google cannot keep up with the removal of them as new ones keep being added. Some take weeks to be noticed/found.

All I can say is be vigilant people. Currently there are a number of scams going, a current one here on the forum is the following:

Being PM'd by a newbie user who says:

Dear xxxxxx

I have replied to you.

[insert legit "looking" bitcointalk link*]

* this is not legit at all. If you hover over it, it does not turn green like legit links on this forum will, you will also find it redirects to a totally different site.
Do NOT click on such links, and be wary of such PM's from a newbie user.

My Friend was on his desktop pc(windows 7/Google chrome) he was just paying for a advertisement site , he copied the address from blockchain and pasted it for the payments, then he entered the amount and pressed that big send button without even checking where he was sending the money. He came to realize his mistake sometimes later when he was coding a site and when he pasted he got the address and noticed that the address doesn't belongs to himself.