Clipboard Malware

[Manila Tanaka]

Clipboard Malware is a big isse when your Clipboard gets infected, it is read out and copy pasted content can be hacked and modified.

Many downloads are always offered anywhere and we all know how dangerous some internet downloads really are.
Being careful is priority number one when it comes to downloads.
Because we need to protect our device, our data stored on it, as well as our coins, of course.

Downloads are inherently risky to our devices and should be avoided as often as possible. If in doubt, don’t do any download. Especially downloads related to crypto are often a target for hackers and malicious attacks.

Downloads to all devices are risky but experts have found out which devices are more vulnerable to malicious downloads:
- Mobile devices are most vulnerable, especially from unknown fabricators or from China, which are controlled by China’s regime.
- Windows devices are vulnerable because Windows is often targeted by hackers.
- Apple’s Mac and especially Linux devices (penguin) are less vulnerable to but of course, owners should also protect Linux device or Mac from hackers and be very very careful and avoid downloads.

Keep in mind: less vulnerable still means we should protect our devices, of course. We should always avoid internet downloads.


Open source vs. closed source

Open source means, it is possible for every coder to have a look into it, if it’s coded correctly or if any malicious parts for attacks are coded into a program.
While in closed source, it is not possible for coders to review it.
Open source is very important to avoid possible malware downloads. Of course, open source isn’t a guarantee to be safe and even experienced coders can make mistakes in coding or reviewing it or if it’s offered on a scam and phishing site. Better stay away, as pointed out earlier because downloads are inherently risky.


Ask for coder’s review of GitHub

Serious coders are always publishing on GitHub or make a program’s code visible as a part of open source act.
Because we are no coders, we need to rely on educated coder reviews and opinions of experts. If in doubt, we can ask a question here on Bitcointalk and a coder will look into it.
(Almost) every coder knows about GibHub and can access it as well.


Caution is our best insurance against malicious downloads and hackers
If we don’t make a download, we can not download a virus.
It’s a very clear fact.
We should avoid any unnecessary download and if we really need one (like Electrum), we should inform us if it’s open source and if in question, avoid it.
A random download doesn’t justify to risk damaging our device, our data stored on it, as well as our coins, of course.

Make sure to protect your device from malware due to downloads and Clipboard Malware.

[notocactus]

The cryptocurrency scam book.
Clipboard Hijacker Malware Monitors 2.3 Million Bitcoin Addresses
Report Malware and Suspicious Links here so Mods can take Action !
]How to lose your Bitcoins with CTRL-C CTRL-V

It's classic online threat and you need to read above resources and even more, to understand about this attack type, and be cautious and careful enough with your practice for keeping your devices and wallets safely from threats.

You can use Internet Security Software or Antivirus Software, but they are second layer of protection that can be false negative and fail to protect your devices and wallets some times.

Your attention must be on a first layer of protection: having healthy web-surfing habit to keep your devices out of threats, as cleanest as possible, it's a best preventive method to secure your devices and wallets.

[Agbamoni]

Similar topics:
Clipboard Virus
Clipboard Hijacker Malware Monitors 2.3 Million Bitcoin Addresses
[Warning]: Laplas, new clipboard malware

The most important security measure for clipboard malware is to ensure we always verify the site we are downloading things from. Many persons are always ignorant of this. It is no big deal just confirm the originality of the website link that's all before downloading anything from it.

[Cricktor]

Because "Not your keys, not your coins" having responsibility for your own wallets, prefer hardware over software wallets as early as possible, comes with some price.

A regular advise that I entertain: avoid using your daily internet shit devices also for your crypto wallet stuff. Use some affordable second-hand laptop for your crypto wallets, even when you combine your wallets with hardware wallet devices. Just keep a low exposure to internet shit with your crypto wallet gear.

I'm also not a big fan of having your crypto wallets on your main mobile phone where people usually install all sort of apps, games and whatnot else. No mobile phone is safe from app malware because the common John/Jane Doe basically has no means to verify an app is malware free. Every major app store had and still has malware apps, don't be silly to think, yours hasn't.

Internet browsers are very complex and large pieces of software with regularly a lot of bugs and possible exploits. While it might be difficult to excape a browser's sandbox, it's not impossible. So, you can't be sure that your mobile is always safe when you use it to browse whatnot shit on the internet. Same applies for your desktop regarding browsing the internet.

Good security practices are a must if you want your wallets to be safe. So, prepare yourself to know about such.

[Belarge]

It’s almost impossible to stop scammers and that’s why we just have to stay very careful of the internet space and secondly, we also have to avoid copying our wallet address from clipboards but directly from our wallet as there have been several cases of malware infected clipboards and one thing is that, these scammers are always very advanced and try as much as possible to stay very updated  on the latest developments and as such we also need to be very careful and try to keep all of our activities very safe and secure to avoid falling prey for these scammers.

[Catenaccio]

Because "Not your keys, not your coins" having responsibility for your own wallets, prefer hardware over software wallets as early as possible, comes with some price.

Bitcoin Q&A: Not your key, not your coin.
Not your keys, not your coins. How the SEC nearly destroyed my retirement account.

It's very important warning and vital rule to obey through your time with Bitcoin.

A regular advise that I entertain: avoid using your daily internet shit devices also for your crypto wallet stuff. Use some affordable second-hand laptop for your crypto wallets, even when you combine your wallets with hardware wallet devices. Just keep a low exposure to internet shit with your crypto wallet gear.

I'm also not a big fan of having your crypto wallets on your main mobile phone where people usually install all sort of apps, games and whatnot else. No mobile phone is safe from app malware because the common John/Jane Doe basically has no means to verify an app is malware free. Every major app store had and still has malware apps, don't be silly to think, yours hasn't.

Keep your online devices out of your wallets, Bitcoin fund, cryptocurrency fund. If you use your online devices to store cryptocurrency fund, it's only a very small hot wallet. Your main fund must be store in offline devices and cold wallets.
https://en.bitcoin.it/wiki/Cold_storage

[Queentoshi]

Avoid risky sites and downloads

You may do everything on your part to make sure to avoid such risky websites and even downloads, but then one day you make the mistake of allowing a close friend or even family to use your device for something they claim is important, and then they visit a risky website or make a download they think is harmless. All your effort at security goes to waste. It is necessary to try as much as you can to make sure that you are the only one using any device where you have important and sensitive information and application. Other people around you may not mean you harm but you can be the only one as careful with your device as you would want.

[Saint-loup]

A good way to avoid clipboard malware attacks is to use QR codes instead of doing copy-pasting of the destination addresses, but people should always double check the pasted address. At least the end of the address because it's very hard for attackers to generate addresses looking like the original one, even if they know it before being copied.

[Ambatman]

A victim of this for quite sometime.
I think the phone was affected before I got access to it.
What I did before changing the device was cross checking the address
The first few, the middles and the last datas.
Because they generate address that's so similar
If you ain't attentive you won't tell the difference.

[cryptoaddictchie]

A good way to avoid clipboard malware attacks is to use QR codes instead of doing copy-pasting of the destination addresses, but people should always double check the pasted address. At least the end of the address because it's very hard for attackers to generate addresses looking like the original one, even if they know it before being copied.

I remember my friend he uses Ronin network, he got victimized of this but the address is almost identical the first digits on front address is the same and the last one is the same too. The digits didnt got the same at the few figures like 4 to 6 at the tail of the end of the address. Normally the one we checked is on front and back but not within inside, wonder how they can make such almost identical address with a slight difference in the middle.

[Patikno]

As a Windows user on my laptop, I always turn off the history for the clipboard, so that there will be no copies saved, because it is too dangerous especially when we have just used it for personal things such as just doing a "copy" and "paste" for the personal information, password, or even seedphrase, it could be that it was hacked or even accidentally revealed when surfing sites. So from there I concluded not to activate the Clipboard history, and from that stay alert not to make mistakes when using any device.

[jstyler]

I've been using a clipboard manager with a secure mode that prevents copying sensitive info, it's a small thing but it's helped me feel more in control of my data.

[promise444c5]

As a Windows user on my laptop, I always turn off the history for the clipboard, so that there will be no copies saved, because it is too dangerous especially when we have just used it for personal things such as just doing a "copy" and "paste" for the personal information, password, or even seedphrase, it could be that it was hacked or even accidentally revealed when surfing sites.

Don't copy sensitive info especiallywhen it involves money , write it down and if you need to input it back type it manually.. so far you have a clipboard malware, turning of the history won't solve anything , it will just affect your current copy either logged somewhere or manipulated within... Also, If there's a need to copy stuffs like address and long stuffs which are not sensitive,  make sure you  preview the whole thing char.by char. especially if it involves money, it won't take you eternity to do .

[Patikno]

As a Windows user on my laptop, I always turn off the history for the clipboard, so that there will be no copies saved, because it is too dangerous especially when we have just used it for personal things such as just doing a "copy" and "paste" for the personal information, password, or even seedphrase, it could be that it was hacked or even accidentally revealed when surfing sites.

Don't copy sensitive info especiallywhen it involves money , write it down and if you need to input it back type it manually.. so far you have a clipboard malware, turning of the history won't solve anything , it will just affect your current copy either logged somewhere or manipulated within... Also, If there's a need to copy stuffs like address and long stuffs which are not sensitive,  make sure you  preview the whole thing char.by char. especially if it involves money, it won't take you eternity to do .

So far what I do is still safe, and there are no problems with my personal data, this is because I also always update and activate several important features of Windows Defender that can prevent unwanted attacks, besides that I also often schedule automatic scans, so that makes everything safe. While when I am going to do quite dense browsing, then I usually use the Deep Freeze application for further security, and of course it does not involve any personal data, especially on the clipboard.

[promise444c5]

So far what I do is still safe, and there are no problems with my personal data, this is because I also always update and activate several important features of Windows Defender that can prevent unwanted attacks, besides that I also often schedule automatic scans, so that makes everything safe. While when I am going to do quite dense browsing, then I usually use the Deep Freeze application for further security, and of course it does not involve any personal data, especially on the clipboard.

Some malwares can get through, bypass windows defender, antivirus and likes ( besides some AV are completely trash) and still be fine, you keeping your windows update could have prevent your windows from some vulnerability attacks maybe but won't still safe you  from some set of malwares, maybe safe browsing could to some extent but the fact that your system connects to the Internet somehow could get you hacked someday... you might not know when it happens but always be prepared for it.

[CryptSafe]

Scammers and hackers can not be stopped as they are on the increase every day. They further develop new tactics and devices for themselves which help them to undo their victims successfully without much notice. These guys take lots of time planning their scheme and not just planning, they monitor their victims to know when to strike as well because they study their victim's patterns and how they interact or do things so they can be able to do whatever they want without being noticed.

This is why most times it is advised to always change passwords at intervals and maybe also change the pattern of engagement and other activities too because doing this might destabilize whoever has been monitoring you for long and this means them starting from square 1 again to start their work on you and if you keep doing that, they would get tired of starting afresh and lose track of you and go for another.

OP if you had made available your reference for us to further read about this topic you have created, I believe many of us would learn more as there are those who want to read further but can not as they are just limited but this post you have here.

[Floxynice]

It’s almost impossible to stop scammers and that’s why we just have to stay very careful of the internet space and secondly, we also have to avoid copying our wallet address from clipboards but directly from our wallet as there have been several cases of malware infected clipboards and one thing is that, these scammers are always very advanced and try as much as possible to stay very updated  on the latest developments and as such we also need to be very careful and try to keep all of our activities very safe and secure to avoid falling prey for these scammers.

It is true that we cannot stop scammers from operating, but exposing their styles and creating awareness just as op has stated, will help in reducing the number of victims these scammers will record. It is easier to avoid falling into the hands of these scammers when you are already aware that such a scam exist. People will not be at alert if the modes of operation of these scammers are not exposed to the public.

This forum has saved a good number of people from being victims through the constant efforts of the members of this forum in making sure everyone is safe by bringing their experiences to this forum so others will be aware and stay safe. Scammers/hackers are smart people, we should always be steps ahead of them.

[nakamura12]

It is true that we cannot stop scammers from operating, but exposing their styles and creating awareness just as op has stated, will help in reducing the number of victims these scammers will record. It is easier to avoid falling into the hands of these scammers when you are already aware that such a scam exist. People will not be at alert if the modes of operation of these scammers are not exposed to the public.

Because of scammers operating anytime then people should always triple check everything especially what the person is copying. Clipboard malware won't let people know that the thing that is pasted isn't what we have copied unless you noticed it right away by checking what you have pasted more than once. This forum is what makes me aware of this clipboard malware and how to avoid it.

[DubemIfedigbo001]

Here are some examples of malware that have been known to use clipboard hijacking techniques:

Zeus Panda: This is a banking Trojan that is capable of stealing login credentials and other sensitive information by intercepting the data on the clipboard. When the user copies their login information into the clipboard, the Trojan replaces it with a fake set of login credentials, the real credentials are then sent to the attacker.

TrickBot: This is another banking Trojan that uses clipboard hijacking to steal sensitive information such as credit card numbers and login credentials. The malware monitors the clipboard activity and intercepts the data being copied and pasted, which is then sent to the attacker.

CryptoShuffler: This is a type of malware that targets cryptocurrency wallets by intercepting the clipboard data and replacing the legitimate wallet address with a fake one. When the user tries to transfer cryptocurrency to the wallet address, it is instead sent to the attacker’s wallet.
Clipboard Ghost: This is a clipboard hijacking malware that can intercept data being copied and pasted and replace it with malicious code or links. The malware can also inject code into the clipboard data to execute malicious commands on the user’s computer.

Malicious Tor Browser– Recently malicious Tor Browser installers targets Russians and Eastern Europeans with clipboard-hijacking malware that steals infected users’ cryptocurrency transactions.

Another type of clipboard hijacking attack involves the use of a website or web application. In this case, the attacker may embed malicious code into a webpage, which can then access the clipboard data of the user’s computer when the user copies or pastes information from the webpage. This can allow the attacker to steal sensitive information such as login credentials, credit card numbers, or other personal data.

https://bufferzonesecurity.com/clipboard-hijacking-attacks-and-how-to-prevent-them/

Clipboard virus can get into the device even through trusted apps that are installed in the devices from app stores, hence increasing the risk of having it. So it's important we're super careful and reduce the apps we install in our phones to reduce the possibility of these viruses infecting our devices. Furthermore we've to safeguard any device that has something to do with our crypto holdings or better have a separate device dedicated to crypto and banking activities and we should neither browse with nor install much apps in it. Separation of concern is very vital for security purposes.

[Doan9269]

One of the silly mistake we may not want to fall a victim is by copying an address and refusing the double check on it after it was been pasted, this is here most people makes the mistakes, it happens also that those that use to copy address from their wallet transaction history with paying more closer to attention to the wallet address copied, scammer would have sent you a dust transaction with a similar address that looks like the one you have been using, if you just go over without checking the address to confirm the source, then one would have make a wrong transaction to a different account with the hope it's in their intended address, we should also avoid revealing our keys to the public as well as addresses we make use of.