Clipper Malware Alert — Protect your Crypto.

[nelson4lov]

My attention has been drawn to a recent announcement from Binance about a malware attack that has become frequent in recent times. It is called a clipper malware.

Here is how it works in a nutshell:

It intercepts data stored in the clipboard, primarily targeting cryptocurrency wallet addresses. When a user copies and pastes a wallet address to transfer cryptocurrency, the malware replaces the original address with one designated by the attacker. If the user completes the transfer without noticing the change, the cryptocurrency is sent to the attacker's wallet, resulting in financial loss.

ELI5 version:

Anytime you copy an address, it is temporarily saved in your device's clipboard for later use. To use it, you simply have to paste it from your keyboard. There is a malware right now that changes the copied address to a different one. So when you copy and paste without checking, you might lose your funds as it would be sent to a different address.


This malware is not new per-se but given the fact that it is becoming common, it is important to protect ourselves from the Malware so we don't fall victim too.  

Some tips:

• Verify that you downloaded the genuine apps. This isn't the time to download pirated softwares and apps.
• Triple check addresses: Before confirming a transaction, double check the addesss at least 3 times. This is what I personally do — Start from looking at the first 6 characters, then the middle 6 characters and the last 6 characters.
  
  Hackers can generate an address that it almost identical to your copied address. Binance ex-CEO (Changpeng Zhao | CZ) posted about a similar attack back in 2023 that saved over $20m of transaction value.  
  
  
  
  
  
• Bonus: Use a security software. This is optional but you can add it to improve your security. I personally don't use it.

Prevention is always better than cure. Stay safe everyone.

References:
[1] Binance Security announcement: https://www.binance.com/en/blog/security/protect-your-crypto-understanding-the-ongoing-global-malware-attacks-and-what-we-are-doing-to-stop-them-7968393135385409266
[2] CZ's 2023 thread on almost identical address attacks: https://x.com/cz_binance/status/1686764372616515585?s=19

[Charles-Tim]

My attention has been drawn to a recent announcement from Binance about a malware attack that has become frequent in recent times. It is called a clipper malware.

Do not mind anyone that says it is becoming frequent now. It has been frequent since many years ago.

Triple check addresses: Before confirming a transaction, double check the addesss at least 3 times. This is what I personally do — Start from looking at the first 6 characters, then the middle 6 characters and the last 6 characters.

It is good to check and recheck the address that you are sending coins to before sending, that is true. This could be of help to know if your device has been infected with clipboard malware. But not only that. Also you need to check and recheck the address that you are sending to people before you press on send. As it can affect you when you are sending coins to someone, also it can affect you when you send wrong address to someone which is the address of the attacker.

If possible, you can make use of QR code instead. Making use of QR code is good because the image will not store in clipboard. But irrespective of the methods that you use for the sending, check and recheck the address is very good.

[Doan9269]

My attention has been drawn to a recent announcement from Binance about a malware attack that has become frequent in recent times. It is called a clipper malware.

Here is how it works in a nutshell:

It intercepts data stored in the clipboard, primarily targeting cryptocurrency wallet addresses. When a user copies and pastes a wallet address to transfer cryptocurrency, the malware replaces the original address with one designated by the attacker. If the user completes the transfer without noticing the change, the cryptocurrency is sent to the attacker's wallet, resulting in financial loss.

The most common of this is the way we can loose our asset in crypto by just a copy and paste task, this is what some users don't pay attention to, they would have made the task by copying the intended address or content while at the cause of pasting it, it would have changed from what they have copied before pasting, this makes it more paramount for us to always consider making verification of our contents on the clipboard to be the same as the intended one.

[Igebotz]

It is good to check and recheck the address that you are sending coins to before sending, that is true. This could be of help to know if your device has been infected with clipboard malware. But not only that. Also you need to check and recheck the address that you are sending to people before you press on send. As it can affect you when you are sending coins to someone, also it can affect you when you send wrong address to someone which is the address of the attacker.

If possible, you can make use of QR code instead. Making use of QR code is good because the image will not store in clipboard. But irrespective of the methods that you use for the sending, check and recheck the address is very good.

Clipboard and dust transactions were widespread on Trust Wallet back then, and individuals who would just copy and paste addresses from transaction history were their target. The scam is no longer a thing because most wallets now allow you to save trusted wallet addresses instead of having to copy and paste them every time you want to conduct a transaction. These features are useful, but we should triple-check addresses before broadcasting transactions as part of our standard practice.

If I deleted your posts on this thread please repost without quoting the entire OP that's spamming.

[Hatchy]

Clipboard and dust transactions were widespread on Trust Wallet back then, and individuals who would just copy and paste addresses from transaction history were their target. The scam is no longer a thing because most wallets now allow you to save trusted wallet addresses instead of having to copy and paste them every time you want to conduct a transaction. These features are useful, but we should triple-check addresses before broadcasting transactions as part of our standard practice.

The truth is that copying address and pasting from clipboard still remains the safest way to input a transaction address. But then you have to be sure your clipboard hasn't been affected by some virus or exchange with some trojans(apps designed by hackers to act like the original but actually clones) to do this, you must avoid installing third party keyboard on your device.

Why I don't mostly recommend address book is that most times, these address might change or probably the user just doesn't use his old address anymore and doesn't have access to it, but you have already sent the coins. So it better to always get the address and confirming before sending coins.

[Smartvirus]

My attention has been drawn to a recent announcement from Binance about a malware attack that has become frequent in recent times. It is called a clipper malware.

Do not mind anyone that says it is becoming frequent now. It has been frequent since many years ago.

It’s something I’ve heard of over the years and am surprised it’s coming up yet again. Not a bad update for the new forks around to be aware of and take precaution, it’s also a reminder to the many of us that have been around to give extra care to verification of an address before giving the final go command.
Once your device is comprised, the best you could do is avoid doing any transaction on that device. Better to restore factory set the whole device and import your wallet on a different device to continue your cryptocurrency dealings.
Even then, always verify the address to be correct before sending the transaction. It doesn’t matter if you scanned a QR code or you had to copy paste the address.

[Igebotz]

Clipboard and dust transactions were widespread on Trust Wallet back then, and individuals who would just copy and paste addresses from transaction history were their target. The scam is no longer a thing because most wallets now allow you to save trusted wallet addresses instead of having to copy and paste them every time you want to conduct a transaction. These features are useful, but we should triple-check addresses before broadcasting transactions as part of our standard practice.

The truth is that copying address and pasting from clipboard still remains the safest way to input a transaction address. But then you have to be sure your clipboard hasn't been affected by some virus or exchange with some trojans(apps designed by hackers to act like the original but actually clones) to do this, you must avoid installing third party keyboard on your device.

Why I don't mostly recommend address book is that most times, these address might change or probably the user just doesn't use his old address anymore and doesn't have access to it, but you have already sent the coins. So it better to always get the address and confirming before sending coins.

Do you make transactions without asking and confirming the recipient address? Even if you have any of their old addresses saved you still need to be sure he wants to receive it in the same address before broadcasting. But personally my address book contains only my whitelisted addresses. Well, I understand where you're driving at.

[Charles-Tim]

The scam is no longer a thing because most wallets now allow you to save trusted wallet addresses instead of having to copy and paste them every time you want to conduct a transaction.

You can save some addresses but you still notice that many times you still have to copy and paste address because the address you want to send money to is not among the saved addresses. Example is when someone just sent you his address for the first time for you to transfer money to him.

If you save an address, possibly that you are the own or the address belongs to one of your family. You are not going to likely save addresses that belongs to other people except: read what I post under Hatchy quote which is another reason.

Also if you want to send coins to someone, you can ask if you can send it to the old address. The person can send another address instead. Also if you did not ask the person to either send it to the old address or not, he may just decide to send you another address.

Also some people like privacy. There are reasons bitcoin address of bitcoin wallets are changing to another new address after you receive transaction.

Also someone can be a beginner and just start using the wallet.

Also the person may have first time downloaded the wallet.

Why I don't mostly recommend address book is that most times, these address might change or probably the user just doesn't use his old address anymore and doesn't have access to it, but you have already sent the coins. So it better to always get the address and confirming before sending coins.

I guess those that save addresses will most likely be the owner of the address, or the addresses belongs to people that you are paying like the campaign managers paying weekly. That for experienced people but newbies can make mistakes which makes me agree with you. Not good to save the address of an exchange or custodial wallet.

[nelson4lov]

My attention has been drawn to a recent announcement from Binance about a malware attack that has become frequent in recent times. It is called a clipper malware.

Do not mind anyone that says it is becoming frequent now. It has been frequent since many years ago.

Yes, the Malware has been around for a long time but reports about it died down for a while and I almost thought it was non existent anymore but the habit (triple checking addresses for correctness never left me).

Do you make transactions without asking and confirming the recipient address? Even if you have any of their old addresses saved you still need to be sure he wants to receive it in the same address before broadcasting. But personally my address book contains only my whitelisted addresses. Well, I understand where you're driving at.

The concept of withdrawal to only whitelisted addresses is a good approach too. But it is operating under the assumption that the whitelisted addresses aren't compromised and will never be. I've seen a case where one or more of those addresses gets compromised (aka hacker have same access to the wallet address) and they find a way to initiate a withdrawal from the CEX — and it would be approved.

But this rarely happens but the possibility is always there. You made a very good point/suggestion though.

[Lida93]

This very malware is not new tho it's still a  relevant reminder as there are persons that may have forgotten about it and most importantly it's a helpful awareness for the newbies to know that such binder malware exists and that the copy and paste routine of addresses should not 100% be trusted as it's necessary to do a careful confirmation check of the address before going on with the transaction.. Although the op was particular about binance but be rest assured that this malware error isn't exclusive to binance exchange users only it can happen with any exchange or wallet.

[Amphenomenon]

My attention has been drawn to a recent announcement from Binance about a malware attack that has become frequent in recent times. It is called a clipper malware.

Do not mind anyone that says it is becoming frequent now. It has been frequent since many years ago.

Yes, the Malware has been around for a long time but reports about it died down for a while and I almost thought it was non existent anymore but the habit (triple checking addresses for correctness never left me).

The aspect of triple checking addresses is something I will never stop especially after this Be cautious when copying wallet addresses from someone who is a Nigerian being victimized, I saw more reason for triple checking.

Actually if we notice scam or malicious attacks that becomes common and then soon people forget about their dangers since it became clearly known to many thereby fewer people falling for it, after a long while we often see shocking news of someone losing big from it because majority will let their defense down on it, I think the best approach is always to stay guided against any of these to avoid being victimized.

Do you make transactions without asking and confirming the recipient address? Even if you have any of their old addresses saved you still need to be sure he wants to receive it in the same address before broadcasting. But personally my address book contains only my whitelisted addresses. Well, I understand where you're driving at.

The concept of withdrawal to only whitelisted addresses is a good approach too. But it is operating under the assumption that the whitelisted addresses aren't compromised and will never be. I've seen a case where one or more of those addresses gets compromised (aka hacker have same access to the wallet address) and they find a way to initiate a withdrawal from the CEX — and it would be approved.

But this rarely happens but the possibility is always there. You made a very good point/suggestion though.

Often times I prefer those QR code in order to avoid issues like this when transferring coin to other people

[nelson4lov]

This very malware is not new tho it's still a  relevant reminder as there are persons that may have forgotten about it and most importantly it's a helpful awareness for the newbies to know that such binder malware exists and that the copy and paste routine of addresses should not 100% be trusted as it's necessary to do a careful confirmation check of the address before going on with the transaction.. Although the op was particular about binance but be rest assured that this malware error isn't exclusive to binance exchange users only it can happen with any exchange or wallet.

Yes, it's definitely not new. But it was almost non-existent for a long time and only became more frequent in recent times. It's like a malware that almost everybody forgot about and now catching people off guard again. So the thread was more of a heads-up /reminder. It's the same way that ERC20 token approvals phishing scams stopped being rampant for a while until a another surge started months after people started letting their guard down.

[Igebotz]

The scam is no longer a thing because most wallets now allow you to save trusted wallet addresses instead of having to copy and paste them every time you want to conduct a transaction.

You can save some addresses but you still notice that many times you still have to copy and paste address because the address you want to send money to is not among the saved addresses. Example is when someone just sent you his address for the first time for you to transfer money to him.

Only frequent used addresses should be whitelisted ( a good feature for signature campaign manager) since participants rarely change receiving addresses. This way they don't have to copy and paste addresses everytime they want to make payment.

The concept of withdrawal to only whitelisted addresses is a good approach too. But it is operating under the assumption that the whitelisted addresses aren't compromised and will never be. I've seen a case where one or more of those addresses gets compromised (aka hacker have same access to the wallet address) and they find a way to initiate a withdrawal from the CEX — and it would be approved.

But this rarely happens but the possibility is always there. You made a very good point/suggestion though.

Only way that happens is if the CEX is hacked.