Clipboard hijackers know that remembering long alpha-numeric wallet addresses can make crypto transactions cumbersome. For example, a Bitcoin address can be between 26 and 35 characters long.
Just one wrong or missed character could result in lost and irretrievable crypto. Therefore, copy and paste can look oh-so inviting when tasked with getting each character correct.
But cybercriminals are counting on a dependence on Control + C / Cmd + C to divert cryptocurrency transfers straight to their own wallets.
In a fraction of a second, you could send your crypto directly to the criminal whose malware has been hidden on your computer for months.
A relatively simple piece of malicious code will replace a wallet address saved to the clipboard of a computer running Windows OS.
This means that when the mark hits paste (Control + P / Cmd + P) they have unwittingly entered the clipboard hijacker’s address.
One Reddit user was lucky enough to spot a last-minute change to a copy-pasted wallet address when attempting to transact between crypto exchange Kraken and a Monero wallet.
“When I copy and paste my wallet address from Kraken, the pasted address is not the same. Is this normal or a virus?,” asked the Reddit user.
Another user discovered a piece of clipboard hijacking malware hidden in a Reddit post about best privacy practices for Windows 10 users.
Clipboard hijacking is as easy as copy and paste
Clipboard hijacking is essentially a passive scam. Bad actors trick users into installing software, and the stolen crypto rolls in.
According to AV-Test, there are over 1 billion pieces of malware on the internet. More than half of that software is Trojan horses, malicious code hidden in otherwise innocent-looking programs.
The worst part is the would-be crypto thieves don’t even have to be particularly good at coding. There are several varieties of clipboard hijacking software freely available online.
In 2018, a pair of British teenagers managed to steal more than 16 Bitcoin (worth $650,000 today). The clipboard hijacking code was smuggled inside a downloadable crypto wallet which they shared on Reddit.
However, some clipboard hijacking campaigns are operating on a much larger scale. BleepingComputer tracked one piece of malware which monitors more than 2 million crypto addresses.
In early 2019, the first-ever Android clipboard hijacking malware was discovered on the Google Play store hidden in a fake MetaMask app.
Similarly, hackers can use this technique to steal sensitive data and fiat. Clipboard hijackers can use the malware to harvest bank details and credit card numbers that are added to the clipboard.
How to keep your clipboard safe from hackers
While crypto theft via a hijacked clipboard is a relatively new grift, it’s likely you’ve had your clipboard hijacked before.
Often news websites will add a link or a credit to an excerpt of an article that you add to your clipboard. However, most victims of the more sinister version of this technology won’t notice until it’s too late.
Cybercriminals are always coming up with new attack vectors to get malware on your machine.
Indeed, Reversing Labs discovered around 760 examples of hijacking code across the open-source software repository Ruby Gems.
Developers the world over contribute to repositories like Ruby Gems and incorporate code found in the libraries into commercial software. So keeping your anti-virus software up to date is essential.
Web browser Opera 84 comes with a “Paste-Protection” feature that watches out for any last-second changes to pasted information. You can run an Opera browser on Windows, Linux, and macOS.
“Paste Protection protects you from [clipboard hijacking]. When you copy sensitive data in Opera Browser, the data is monitored for changes for some time or until you paste the data. If the data is changed by an external application, a warning is displayed,” Opera said (via Softpedia News).
But ultimately. your best line of defense is to type out the destination address one character at a time and
double triple-check that it’s correct.
Follow us on Twitter for more informed news.
Out now: the first four episodes of our ongoing investigative podcast series Innovated: Blockchain City.