Binance alerts users about clipper malware, a new threat that swaps wallet addresses during transactions, after $5.6B lost to fraud last year.
Binance recently warned its users about one of the newest threats – ‘clipper malware,’ which helps hackers modify transaction descriptions and perform transactions fraudulently.
This alert comes after the FBI filed a report that pointed to users of the digital currency losing more than $5.6 billion in the last year on the association of several scams and frauds.
Theft via Clipboard Interception
Clipper malware is designed to target the clipboard feature on a device—a facility that holds data for a limited time to enable pasting. In particular, cryptocurrency wallet numbers for transactions include a series of letters and numbers that are usually copied when transferring funds.
Binance also clarifies that the tactic used by the malware is to substitute the copied wallet address with another one owned by the attacker. The intended users who do not confirm the address before signing the transaction lose their money to the attacker by sending it directly to the attacker’s address.
Android mobile devices and web applications users are most vulnerable to attack by clipper malware. Binance’s blog has pointed out that these apps are usually downloaded from third-party sources or with names in local languages, hence avoiding official app stores due to restrictions from the regions. However, it seems iOS users are at a lower risk, so users should remain cautious across different operating systems.
Preventative Measures and Recent Incidents
According to Binance, there are some measures that can be taken to try and avoid the dangers that are affiliated with clipper malware. People are encouraged to be careful with wallet tags and transactions accomplished and stick to well-known sources only when it comes to apps and plugins. To avoid such issues, it is also advisable to have appropriate security software installed to recognize and delete the dangers.
Recent security breaches include the India based WazirX exchange where the exchange lost around $230m through a compromised wallet. Likewise, the Indonesian exchange Indodax also lost $22 million. The two occurrences clearly show that threats are consistent and are still emerging in the cryptocurrency environment.
Furthermore, global threats are raised with statements from the FBI about the hacking activities of North Korean actors, which are focusing on the cryptocurrency market with technologies that create difficulties in timely detection and mitigation of risks.
