Clipboard Malware

[Peanutswar]

It is true that we cannot stop scammers from operating, but exposing their styles and creating awareness just as op has stated, will help in reducing the number of victims these scammers will record. It is easier to avoid falling into the hands of these scammers when you are already aware that such a scam exist. People will not be at alert if the modes of operation of these scammers are not exposed to the public.

Because of scammers operating anytime then people should always triple check everything especially what the person is copying. Clipboard malware won't let people know that the thing that is pasted isn't what we have copied unless you noticed it right away by checking what you have pasted more than once. This forum is what makes me aware of this clipboard malware and how to avoid it.

Iven seen a lot of articles and thread some here in the community about this kind of malware and some of them once the attacker knew that the user are using a cryptocurrency once the trigger with the function of the mouse copy a cryptocurrency address they make a change with the destination address reason why its good to always double-check the tag of the address you would like to send. Also experience already this kind of attack as possible clearn your desktop or device to make sure its not compromised already. Dont overlook this kind of attacks it might damage more if you ignore.

[CryptSafe]

One of the silly mistake we may not want to fall a victim is by copying an address and refusing the double check on it after it was been pasted, this is here most people makes the mistakes, it happens also that those that use to copy address from their wallet transaction history with paying more closer to attention to the wallet address copied, scammer would have sent you a dust transaction with a similar address that looks like the one you have been using, if you just go over without checking the address to confirm the source, then one would have make a wrong transaction to a different account with the hope it's in their intended address, we should also avoid revealing our keys to the public as well as addresses we make use of.

You made a point here, I have experienced this in the past and this made me get my device formatted. I usually copy directly from my exchange wallet or wherever I want to send assets and the luck I had that day was that I was already used to always cross checking my receiving wallet address before I do anything so that day, I was moved to check the wallet properly and behold it was not the wallet I copied. It was just like a dream to me, I  copied it again watch it changed and in my very eyes it changed that was when it dawned on me that my gadget has been infiltrated with malware. So I got my gadget formatted immediately and that was the end of it  since then I was extremely careful and cautious of my transactions as I  do crosscheck properly before I click the send botton.

Most people do not really take their time to cross check their wallet address after they had copied it before sending, they just copy paste and send it since their devices are free, they do not have any issues but in the right sense,it is advisable to always crosscheck before they click on send irrespective of whatever the situation of their device  is, it is advisable to always do a cross check before executing transaction so that they do not make any mistake that they can never forget in a hurry.

[albon]

You made a point here, I have experienced this in the past and this made me get my device formatted. I usually copy directly from my exchange wallet or wherever I want to send assets and the luck I had that day was that I was already used to always cross checking my receiving wallet address before I do anything.[...]

You are indeed lucky that you discovered in time that your clipboard was infected with Malware, I consider this a dangerous malware because the victim may not notiice it at all if he has not heard about it before and does not double-check copied addresses.

If you have already previously downloaded from torrent sites or websites offering cracked programs or games,, using tools and services that bring traffic generation, or visited random websites that open pop-up ads, all of these could have exposed your computer to various types of malware.

There is also Malware that can steal the user's keylogger, access his files , and compromise his privacy completely, so it is always preferable to dedicate a separate phone or computer for wallets and exchange platforms.

[Patikno]

So far what I do is still safe, and there are no problems with my personal data, this is because I also always update and activate several important features of Windows Defender that can prevent unwanted attacks, besides that I also often schedule automatic scans, so that makes everything safe. While when I am going to do quite dense browsing, then I usually use the Deep Freeze application for further security, and of course it does not involve any personal data, especially on the clipboard.

Some malwares can get through, bypass windows defender, antivirus and likes ( besides some AV are completely trash) and still be fine, you keeping your windows update could have prevent your windows from some vulnerability attacks maybe but won't still safe you  from some set of malwares, maybe safe browsing could to some extent but the fact that your system connects to the Internet somehow could get you hacked someday... you might not know when it happens but always be prepared for it.

I agree with your opinion that some antiviruses are trash, but I don't think so with some paid antiviruses that often update for the security of their users. However, updating Windows is very important to do to avoid obsolescence and easy attacks because of not updating as you mean. And, regarding the internet connection when browsing, it is possible for users to get attacks, for me personally I put the more sensitive personal data on an external drive, and when I use it, I have to make sure it is not connected to the internet, and I really do this for much safer security.

[satscraper]

We need to mention it often and try to find solutions against scammers, hackers and criminals.

The solution, namely hardware wallets,  is  under our  foot. Such devices keep private keys, the latter never leave their place. Thus your stash ^{guarded by HW} will be safe  even if your machine is infiltrated.

The most malware  can do in this case is to  change your  destination address to "hacker's" one  but you can easily spot it as most hardware wallets have the displays that show the transaction details.

The best HW are those that use airgapped communication with the software client run on computer.


My favorite HW ^{which guards my stash}  is Passport 2 .

Find yours, DYOR.

Hope for the best but prepare for the worst.

[CryptSafe]

You made a point here, I have experienced this in the past and this made me get my device formatted. I usually copy directly from my exchange wallet or wherever I want to send assets and the luck I had that day was that I was already used to always cross checking my receiving wallet address before I do anything.[...]

You are indeed lucky that you discovered in time that your clipboard was infected with Malware, I consider this a dangerous malware because the victim may not notiice it at all if he has not heard about it before and does not double-check copied addresses.

If you have already previously downloaded from torrent sites or websites offering cracked programs or games,, using tools and services that bring traffic generation, or visited random websites that open pop-up ads, all of these could have exposed your computer to various types of malware.

There is also Malware that can steal the user's keylogger, access his files , and compromise his privacy completely, so it is always preferable to dedicate a separate phone or computer for wallets and exchange platforms.

Yes, situations like this are not quickly and easily noticeable but only one who takes time and carefully crosschecks their receiving wallet would be able to detect it in time as they are used to it because it is a routine for them. I believe many people have lost their assets as a result of this thinking there was a diversion or something not knowing that their gadgets have been infiltrated with malware which they do not know about.

After that experience, I stopped clicking and downloading Keynote Pad or whatever they are called not to talk of links sent to me or ads as I dare not think of them. I have never made such a mistake again and I do carefully crosscheck before I transfer as I have now made it a habit for me to be constantly doing whenever I want to carry out a transaction.

[Cricktor]

~~~

I second this, too. A good hardware wallet with an own integrated display (mandatory in my opinion) protects your precious private keys from potential malware on your computer. But it's mandatory to check every detail and especially every output address of any transaction before you sign it with your hardware wallet.

My hardware wallet of choice is the BitBox02. I will add a Krux hardware wallet soon as I like the concept of a stateless device.

Check amounts and output addresses thoroughly. You can check an address character for character, but it also suffices to check a handful at the beginning (excluding address prefixes 1, 3, bc1q or bc1p), in the middle and finally at the end of an address. I usually check around 6-8 consecutive characters in each of the three positions. It's ok to check less in the middle, but don't skip those!

The more careful you verify all details of a transaction before you sign and broadcast it, the less likely some malware can fool you and steal your coins.

If you're careless and lazy, malware can trick you even if you use a hardware wallet. Don't be a lazy fool.

[taufik123]

Check amounts and output addresses thoroughly. You can check an address character for character, but it also suffices to check a handful at the beginning (excluding address prefixes 1, 3, bc1q or bc1p), in the middle and finally at the end of an address. I usually check around 6-8 consecutive characters in each of the three positions. It's ok to check less in the middle, but don't skip those!

I even checked all the full letters and numbers on my destination Wallet address and made sure everything was correct.
In addition, I use a feature that saves the destination address that has been used before as a fixed destination address so I only need to choose from the whitelist that I have created. But yes of course checking before sending is a mandatory thing to do.


There was a fairly rare incident 2 years ago that was experienced by this forum user, where the OP made a mistake in sending his coins to a different address,
but the address is very identical because the Alamar prefix 1-5 is the same and the last 5 prefix is also the same.

You can read it here: https://bitcointalk.org/index.php?topic=5472207.msg63086113#msg63086113

As an illustration:
A1b2Cdfdruirj4grhg2urh5ggriorjf3D4e5F : belongs to OP
A1B2c1jijrj5ofmmf8jkfidk0mawq3d4E5F : mine

But not only on humans, but on the devices used, it is also necessary to do a deeper scan to ensure that the device is safe from clipboard malware or the like.

[DYING_S0UL]

If you are not careful enough you might lose everything. Actually I was once infected with this clipboard malware. And the tricky thing was detecting it. At first, I thought my copy paste function was broken. Tried to fix it several ways but failed to do so. Later realized it was a malware. To my surprise the defender or the antivirus detected nothing. The way it worked was, whenever I copied anything of crypto for example "an address", it replaced the original address with the hackers address. But when the content is some normal text, nothing gets replaced, the copy paste function works as intended. Tbh, I consider myself lucky, because I senses something was wrong when making that transaction. So I double checked the address and realised it wasn't the one I copied. In my case, I got saved but a lot of users doesn't. Lastly, I had to wipe my device completely and install a fresh OS.

Conclusion: Always double check, if needed triple check the address thoroughly before making any transactions. 

[cryptomaniac_xxx]

Conclusion: Always double check, if needed triple check the address thoroughly before making any transactions. 

Right, be aware of this kind of attacks, and so you know how to mitigate it by checking. This malware attack is not new though, so everyone should also have this in mind. Although as humans we might make a mistakes, along the way.

But maybe constant repetitions and good safety hygiene will be helpful in the end. As others have said, one practice is having a hardware wallet. Nothing beats good education and again, be aware that their is this kind of attacks and so we should be really attentive.

[Jegileman]

Clifford malware have been a very popular method scammers use to change one’s address into theirs and the prey sends money to them without checking to confirm the wallet in a rush and assumptions that they’ve copied and pasted the right wallet the money is to be sent to. While reading through the comments, I saw a user making reference to QR code when sending money out, that I feel is also another good method to avoid malware attack through infected keyboards by this hackers. I haven’t been using it more often even though I cross check address before sending money out. It could be a suitable method to avoid clipboard malware attacks for now as hackers also upgrade their format of getting to their prey all the time.

[Becassine]

As a Windows user on my laptop, I always turn off the history for the clipboard, so that there will be no copies saved, because it is too dangerous especially when we have just used it for personal things such as just doing a "copy" and "paste" for the personal information, password, or even seedphrase, it could be that it was hacked or even accidentally revealed when surfing sites. So from there I concluded not to activate the Clipboard history, and from that stay alert not to make mistakes when using any device.

Could you explain how to disable this function? I'd never heard of this before. By the way, what is a clipboard manager? How does it work?

A super-frequent scam at the moment is the fake naive people who put wallets words all over the place (comments youtube, reddit ...) with funds in them in order to recover the fees of the people who install these wallets.

[Cricktor]

A basic clipboard stores just the last copied item and that's it. You can paste the last copied item as many times you like, but when you copy a new item to the clipboard, the previous item gets replaced by the most recent one.

A fancier clipboard can store multiple items. Let's say, the last ten items that were copied to it (ten is here now an arbitrary limit). With multiple items you need a mechanism so that you can access not only the most recent one but any of the stored items. That's what likely a clipboard manager is good fore.

Beware if such a fancy clipboard can sync to multiple devices. This usually means that your saved items go to some "cloud device" and this is usually not your own computer but someone else's, like Microsoft or Apple or whoever provides the fancy syncing clipboard service.

Such a syncing fancy clipboard isn't the best idea if you copy your mnemonic recovery words to it for whatever reason.

[Patikno]

As a Windows user on my laptop, I always turn off the history for the clipboard, so that there will be no copies saved, because it is too dangerous especially when we have just used it for personal things such as just doing a "copy" and "paste" for the personal information, password, or even seedphrase, it could be that it was hacked or even accidentally revealed when surfing sites. So from there I concluded not to activate the Clipboard history, and from that stay alert not to make mistakes when using any device.

Could you explain how to disable this function? I'd never heard of this before. By the way, what is a clipboard manager? How does it work?

A super-frequent scam at the moment is the fake naive people who put wallets words all over the place (comments youtube, reddit ...) with funds in them in order to recover the fees of the people who install these wallets.

Actually, there is no need for further explanation to disable this function, just with a few simple steps. The easy way, you only need to open the Windows menu, then type in the search field "Clipboard" and the menu will appear, please click on it, and it will automatically display a menu that provides features that allow us to activate or deactivate it.




I have also heard of cases of theft through this clipboard feature, and the incident was on a site that asked for permission to request a clipboard on its site, I don't know for sure, but that's the news I heard.

[ContentWriter]

I agree with what the OP wrote, however, I must add that it is importnt to avoid using free WIFI. Hackers can steal your bitcoins if you do. Clipper boar am malware made waves  a couple of years back. The secret to avoiding losses is crosschecking your destination address before clicking the send button.

[Becassine]

I have also heard of cases of theft through this clipboard feature, and the incident was on a site that asked for permission to request a clipboard on its site, I don't know for sure, but that's the news I heard.

Thank you ! Great feature