
Silent Swap Crypto Clipper Targets Users via Fake Google Notes Extension

Aggregated by BrevFeed security · updated 2d ago

Cybersecurity researchers identified the Silent Swap crypto clipper campaign, which uses a fake 'Google Notes' extension to steal cryptocurrency. The campaign replaces wallet addresses during transactions, leading to irreversible financial losses for victims.

Key points

Overview of Silent Swap Campaign

Cybersecurity researchers from McAfee Labs have revealed an active campaign called Silent Swap. This campaign is focused on stealing cryptocurrency by replacing wallet addresses during transactions through a malicious browser extension that masquerades as a 'Google Notes' utility.

Mechanism of Attack

Silent Swap uses unsigned installers, in both .NET and Golang formats, to deploy a malicious extension. The BaseZipInstaller retrieves a ZIP archive that enables the extension, which then modifies protected browser settings to install itself on Chromium-based browsers without user consent.

Clipper Functionality

The primary function of the Silent Swap extension is to act as a clipboard clipper, intercepting copied wallet addresses and replacing them with those controlled by the attacker, leading to irreversible financial loss during transactions. The extension requests permissions to access the clipboard, browsing history, and all URLs.
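The permission combination described above can be checked during extension triage. The following is an added example, not code from the original report or from McAfee Labs: it reads a Chromium extension `manifest.json` and reports which of the described traits it shows. The function names, the missing-`update_url` heuristic for unpacked installs, and both sample manifests are assumptions constructed for illustration.

```python
import json

# Permission groups the page attributes to the extension (Chrome manifest names).
CLIPBOARD = {"clipboardRead", "clipboardWrite"}
ALL_URLS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
GRANT_KEYS = ("permissions", "optional_permissions",
              "host_permissions", "optional_host_permissions")

def declared_grants(manifest):
    """Collect permissions and host patterns from an MV2 or MV3 manifest."""
    grants = set()
    for key in GRANT_KEYS:
        grants.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        grants.update(script.get("matches", []))
    return grants

def triage(manifest_text):
    """Return, in fixed order, the reasons a manifest matches the reported profile."""
    manifest = json.loads(manifest_text)
    grants = declared_grants(manifest)
    reasons = []
    if grants & CLIPBOARD:
        reasons.append("clipboard")
    if "history" in grants:
        reasons.append("history")
    if grants & ALL_URLS:
        reasons.append("all_urls")
    # Heuristic (assumption): unpacked/developer-mode installs usually lack update_url.
    if "update_url" not in manifest:
        reasons.append("no_update_url")
    if "google notes" in str(manifest.get("name", "")).lower():
        reasons.append("name_matches_lure")
    return reasons

def is_suspect(manifest_text):
    """Flag only the full combination the page describes."""
    return {"clipboard", "history", "all_urls"} <= set(triage(manifest_text))

# Constructed sample manifests (not recovered from the campaign).
SAMPLE_SUSPECT = json.dumps({
    "manifest_version": 3, "name": "Google Notes", "host_permissions": ["<all_urls>"],
    "permissions": ["clipboardRead", "clipboardWrite", "history"]})
SAMPLE_BENIGN = json.dumps({
    "manifest_version": 3, "name": "Example Notes",
    "permissions": ["clipboardWrite", "storage"],
    "update_url": "https://clients2.google.com/service/update2/crx"})
if __name__ == "__main__":
    for label, text in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(label, is_suspect(text), triage(text))
```

A match on permissions alone is a reason to review the extension, not proof of malice, since legitimate extensions can request the same set.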

Techniques Employed

A key feature of the Silent Swap campaign is its use of EtherHiding. This method allows the attackers to use the blockchain to dynamically update their command-and-control servers without needing to redeploy malware, thus maintaining persistence.

Social Engineering Aspect

The successful installation of the Silent Swap extension depends on manipulating users into enabling developer mode on their browsers, which makes the malicious modifications possible. This highlights the reliance on social engineering techniques to execute the attack.

This summary was generated by AI from the outlets' reporting. It is not independently verified and may contain errors; check the original sources.
