How can I get over clip board malware attack?

[Accardo]

Hello, everyone, I think the malware attack is getting rampant and would want to know a better means of absenting myself from being a victim. Regarding some articles I've read about clipboard manager and how so many other Malwares except the clipboard malware attack still access the clipboard if a user opens an Email attachment, it's relevant to know some security measures. These malwares are turned into APP and gets hosted on a remote server which people can download without knowing that it contains a malware.

Looking at the characters of an Address it'll be difficult to memorize and the only option is to copy to the clipboard. My question is if they are other means of getting around this attack except crosschecking the address before sending. Because, sometimes I'm not perfect I'll just send my funds out to the address without crosschecking like everyone else who has something to attend immediately.

Some of the articles I read, include

https://github.com/grepx/android-clipboard-security

He said something about launching the attack and the codes he provided look pretty simple to grasp, showing that the clipboard attack will explode soon on the internet. Especially on Android OS

https://www.microsoft.com/en-us/wdsi/threats/threat-search?query=clipboard

Microsoft listed some other Malwares used by attackers to access information on the computer including the Clipboard manager.

MSDN
 Gave out some useful codes that'll help one read or write on a Clipboard using Virtual Basics.

[AB de Royse777]

Looking at the characters of an Address it'll be difficult to memorize and the only option is to copy to the clipboard. My question is if they are other means of getting around this attack except crosschecking the address before sending. Because, sometimes I'm not perfect I'll just send my funds out to the address without crosschecking like everyone else who has something to attend immediately.

1. Stop visiting random sites. Just visit trusted sites
2. When you first visit and register then copy the URL in a note pad file. Every time go to the website by copying the URL from notepad
3. Do not click directly to an email that you were not expecting. The same apply for any link that you receive in social media and other sources too.

These are few things I try to follow to avoid phishing attack.

[DaveF]

You can always switch to linux for crypto related activity.

If you are going to be using Windows, installing GOOD AV software is a must *and* having something like Malwarebytes as a 2nd layer does help. The security part of Malwarebytes is meh at best but it does do a good job of blocking a lot of malware hosting sites. On top of that, if you don't mind giving up some privacy / anonymity installing MetaMask might help too. It's crap software for holding crypto, but it also does aggressively block a lot of crypto fraud sites too. Not going to those type of sites will really cut down on the chance of crypto clipboard malware.

If money is no object installing real front end security is also a good thing. But getting a SonicWall and the security subscription and a Barracuda Web Security Gateway and it's subscription will run into the $1000s and $1000s to start and the annual subscriptions are not cheap either.

-Dave

[Beparanf]

Malwarebytes and Windows defender is already enough to counter this kind of malware. This 2 AV can at the same time and also they web/online protection that will warn you whenever you visit on random website. Most of the malware are hidden on random ads on a website and from the zip files available on free downloading site on the Internet especially those movie site.

Always turn your AV and run a deep scan in daily basis to make sure your device is free from malware

[HeRetiK]

Looking at the characters of an Address it'll be difficult to memorize and the only option is to copy to the clipboard. My question is if they are other means of getting around this attack except crosschecking the address before sending. Because, sometimes I'm not perfect I'll just send my funds out to the address without crosschecking like everyone else who has something to attend immediately.

Keep in mind that while cross-checking you don't need to check the whole address, character for character. Checking the first 5-7 characters at the beginning and / or end of the address should be more than sufficient. The addresses that clipboard malware sneak in usually look nothing like the intended address since they'd have to generate a vanity address on the fly which isn't really feasible.

[NeuroticFish]

Some of the articles I read

You seem to have missed the spot-on resource for this: How to lose your Bitcoins with CTRL-C CTRL-V
All in all, as usual, the best protection is you: check thoroughly if the copied address and the pasted address are indeed identical. As simple as that.

[Accardo]

Some of the articles I read

You seem to have missed the spot-on resource for this: How to lose your Bitcoins with CTRL-C CTRL-V
All in all, as usual, the best protection is you: check thoroughly if the copied address and the pasted address are indeed identical. As simple as that.

Thank you for sharing. The thread summarized it all and I got the idea I need like the Don't use Windows aspect of it. Windows have a lot of loopholes that makes it easier for attackers to get hold of people's computer. I'll just have to abide by the instructions. 

[BitMaxz]

Thank you for sharing. The thread summarized it all and I got the idea I need like the Don't use Windows aspect of it. Windows have a lot of loopholes that makes it easier for attackers to get hold of people's computer. I'll just have to abide by the instructions.  

Actually, the guide only guides you on how to copy the address carefully and check the pasted address 3 times.

For those who don't know how to use Linux and want to stay using Windows, it's recommended to have antivirus in my experienced never been infected with clipboard virus.
Having both Kaspersky and Malwarebytes is a pretty amazing tool to protect my machine from any threat almost 8 or 10 years of using it and always updated database to new viruses.

If you know how to use Linux then go use it but if not want to stay in Windows I suggest you disable Windows Defender and install Kaspersky instead which is much better protecting the PC from any attacks. I have experience with Windows Defender before and tried to any some files infected with viruses but it's not detected by WD.

[Husna QA]

Thank you for sharing. The thread summarized it all and I got the idea I need like the Don't use Windows aspect of it. Windows have a lot of loopholes that makes it easier for attackers to get hold of people's computer. I'll just have to abide by the instructions.  

Even if you can't leave Windows OS, make sure your OS is updated frequently. Install the antivirus as suggested above and update it regularly. For cryptocurrency asset storage, I suggest you use a hardware wallet. I even have a habit of always double-checking the address on the hardware wallet when sending coins.

[NeuroticFish]

I suggest you use a hardware wallet. I even have a habit of always double-checking the address on the hardware wallet when sending coins.

While hardware wallet is not a bad advice, one has to carefully double check the addresses whether he's using it or not.
What I also mean is that HW may give a false sense of security, while it doesn't actually help (directly) against clipboard malware.

[o_e_l_e_o]

Because, sometimes I'm not perfect I'll just send my funds out to the address without crosschecking like everyone else who has something to attend immediately.

It takes 10 seconds to double check an entire address.  Even if you are in a rush for your transaction to be confirmed, the chances of a block being found in those few seconds are low, and even if it was, your transaction probably wouldn't have spread through the network and in to relevant mempools and candidate blocks fast enough to make a difference. Your transaction will almost certainly be confirmed at the exact same time whether or not you double check the address, so there is no excuse for not doing it.

You can keep your OS updated, download every piece of antivirus software there is, and all the rest of it, and still fall victim to this malware. The only 100% protection is to accurately double check the address against the source after you have copy and pasted it. It takes 10 seconds. Just do it.

Checking the first 5-7 characters at the beginning and / or end of the address should be more than sufficient. The addresses that clipboard malware sneak in usually look nothing like the intended address since they'd have to generate a vanity address on the fly which isn't really feasible.

There are definitely some pieces of malware out there which pick addresses from a pre-generated database which have matching characters at the start and/or end to trip up people who only check a few characters. As time goes on and technology continues to develop, this problem will only get worse. If you are going to check 5 characters at the start and the end anyway, it is absolutely trivial to just check the whole address.

[NotATether]

You can always switch to linux for crypto related activity.

Linux is not going to protect you from clipboard malware that's written for it. It's only going to make it slightly easier to remove (Windows, being the dinosaur it is, hides a lot of internal stuff inside the Registry and machine-readable files that's nigh-impossible to clean up save by reinstalling).

[Accardo]

You can keep your OS updated, download every piece of antivirus software there is, and all the rest of it, and still fall victim to this malware. The only 100% protection is to accurately double check the address against the source after you have copy and pasted it. It takes 10 seconds. Just do it.

Yes, I went through a thread on a Microsoft special interest board that talks about the vulnerability of windows OS on clipboard snooping. The question was to know if the antivirus actually get rid of the attack. But, the answer was centered on the fact that it helps reduce the possibility of such attack but, cannot prevent it entirely because of the loopholes on computers that use Microsoft OS. I think Microsoft is not a better choice for someone that wants to stay safe from such attack.

You can check the thread below
https://answers.microsoft.com/en-us/protect/forum/all/how-to-protect-ourselves-from-clipboard-snooping/5af0be93-f4fc-4034-a305-7e8045dda2f2

[Husna QA]

While hardware wallet is not a bad advice, one has to carefully double check the addresses whether he's using it or not.
What I also mean is that HW may give a false sense of security, while it doesn't actually help (directly) against clipboard malware.

The hardware wallet function is not as an antivirus. So first I suggest this:

-snip- make sure your OS is updated frequently. Install the antivirus as suggested above and update it regularly. -snip-

Linux is not going to protect you from clipboard malware that's written for it. -snip-

Yes, but currently, the target of the clipboard malware is Windows OS users. I have not encountered any cases of Linux being attacked by this malware. I'm also a macOS user and so far haven't encountered any cases of clipboard malware as in Windows OS.

-snip- always double-checking the address -snip-

[PrimeNumber7]

Because, sometimes I'm not perfect I'll just send my funds out to the address without crosschecking like everyone else who has something to attend immediately.

It takes 10 seconds to double check an entire address. 

I would point out that if malware is able to change the content of your clipboard, it is also possible the malware can change what is displayed on your screen. So unless you are using a device that is insulated from any malware your internet-connected computer may have, such as an HW wallet, or an air-gapped computer, checking the entire address will not do much good against malware.

It is however a good practice to double-check the entire address before finalizing a transaction, in case you copied the wrong address, or didn't actually copy anything when you already had another address in your clipboard.

[dkbit98]

Linux is not going to protect you from clipboard malware that's written for it. It's only going to make it slightly easier to remove (Windows, being the dinosaur it is, hides a lot of internal stuff inside the Registry and machine-readable files that's nigh-impossible to clean up save by reinstalling).

I never heard of a single clipboard malware for Linux operating system, I even searched the web to find more information about that, but without any result.
It doesn't mean it's impossible to make something like this but chances for this to happen are much lower than for WiNd0ws or Mac OS.
Few years ago I was testing some alternative clipboard manager software for windows, but I don't remember the name of that program that was just running in the background.
One more thing that is connected with clipboard are keyloggers, and protection for this is using encryption tools, so anything you type on keyboard will be protected.
This would be a good idea for win-addicts and lazy people, but not really needed if you use separate offline computer for crypto.

[o_e_l_e_o]

I would point out that if malware is able to change the content of your clipboard, it is also possible the malware can change what is displayed on your screen.

And malware could also just lift your private keys straight out of your wallet as soon as you unlock it if you aren't using a hardware wallet or airgapped wallet. Or just feed it a malicious transaction straight off, like the fake versions of Electrum did. But these kinds of malware are far rarer than clipboard malware, as is any malware which changes what appears on your screen.

The fact remains is that clipboard malware is relatively common, and it takes 10 seconds to fully check an address. It is irresponsible to do anything less.

[PrimeNumber7]

I would point out that if malware is able to change the content of your clipboard, it is also possible the malware can change what is displayed on your screen.

And malware could also just lift your private keys straight out of your wallet as soon as you unlock it if you aren't using a hardware wallet or airgapped wallet. Or just feed it a malicious transaction straight off, like the fake versions of Electrum did. But these kinds of malware are far rarer than clipboard malware, as is any malware which changes what appears on your screen.

The fact remains is that clipboard malware is relatively common, and it takes 10 seconds to fully check an address. It is irresponsible to do anything less.

Yes, as I mentioned in my previous post, it is a good practice to check the address before signing a transaction.

If someone knows or believes their computer is infected with malware, I would advise them to not trust any output their computer gives them, including information displayed on their screen.

[ANSEL_2.0]

This happened to me once but got saved because I like checking the last three alphabet at the end of my address most times, I wasn't able to get rid of this malware or whatever it is until I reformated my hard disk.

[Ryker1]

This happened to me once but got saved because I like checking the last three alphabet at the end of my address most times, I wasn't able to get rid of this malware or whatever it is until I reformated my hard disk.

Well checking the sending and receiving any crypto address before sending your coins is very important, the first 3 digits and the last 3 digits would help you to determine if still using your crypto address and make sure you copied it right.
However, to avoid this problem, just regularly check your computer or any device that was used to know if it is affected by the malware attack.