XRP Signal

Clipboard-Hijacking Malware Targets Crypto Wallet Addresses on Windows

Developing (1 source): single-source report; treat as developing.

Microsoft has identified a new strain of malware that silently replaces cryptocurrency wallet addresses stored in the Windows clipboard with attacker-controlled addresses. The technique is designed to redirect outgoing crypto transfers to hackers without the sender noticing. Users conducting any copy-paste wallet transactions on Windows machines are advised to manually verify addresses before confirming transfers.

Microsoft has disclosed the discovery of a new malware strain specifically engineered to target cryptocurrency users on Windows operating systems. The malware operates by monitoring the system clipboard, the temporary storage area where copied text is held, and detecting when a cryptocurrency wallet address has been copied.

Once a wallet address is detected in the clipboard, the malware silently overwrites it with an address controlled by the attacker. The result is that a user who believes they are pasting the wallet address they copied is actually sending funds to the hacker.

The technique is notable for its simplicity and effectiveness. It requires no sophisticated social engineering and exploits a routine action that most crypto users perform regularly without additional verification.

  • The malware targets Windows clipboard activity specifically.
  • It detects and replaces cryptocurrency wallet addresses in real time.
  • The substitution happens silently, with no visible indication to the user.

Any XRP holder transacting on a Windows machine should manually cross-check the full wallet address displayed in the destination field against the intended address before submitting any transaction, regardless of how the address was entered.
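
The overwrite described above leaves a recognizable trace in a clipboard history: one address-shaped value replaced by a different one moments after the copy. The following Python is an added example, not code from Microsoft or from this report; the 2-second window, the function names and the sample addresses are assumptions constructed for illustration, and the pattern checks address shape only, not the checksum.

```python
import re

# XRP Ledger classic address shape: "r" + base58 characters, 25-35 chars in total.
# Shape check only; it does not verify the address checksum.
XRP_ADDR = re.compile(r"^r[1-9A-HJ-NP-Za-km-z]{24,34}$")

def looks_like_xrp_address(text):
    return bool(XRP_ADDR.match(text.strip()))

def find_swaps(events, window_s=2.0):
    """Return (timestamp, copied, replacement) for each suspicious overwrite.

    events: time-ordered (timestamp_seconds, clipboard_text) snapshots.
    An overwrite is suspicious when one address-shaped value is replaced by a
    different address-shaped value within window_s seconds (assumed threshold).
    """
    swaps = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        old, new = old.strip(), new.strip()
        if (looks_like_xrp_address(old) and looks_like_xrp_address(new)
                and old != new and (t1 - t0) <= window_s):
            swaps.append((t1, old, new))
    return swaps

def first_mismatch(intended, shown):
    """Index of the first differing character, or None when both match in full."""
    a, b = intended.strip(), shown.strip()
    if a == b:
        return None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return min(len(a), len(b))

# Constructed sample values; none of these is a real wallet address.
INTENDED = "rEXAMPLEaddrConstructedForDemo1111"
REPLACED = "rATTACKERaddrConstructedForDemo22"
PAYEE_B = "rPAYEEBaddrConstructedForDemo3333"
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, INTENDED),   # user copies the destination address
    (10.2, REPLACED),   # overwritten 0.2 s later: flagged
    (100.0, INTENDED),
    (400.0, PAYEE_B),   # a different address copied minutes later: not flagged
]

if __name__ == "__main__":
    for ts, copied, replacement in find_swaps(SAMPLE_EVENTS):
        print(f"t={ts}: {copied} was replaced by {replacement}")
    print("first mismatch at index", first_mismatch(INTENDED, REPLACED))
```

The comparison in `first_mismatch` covers the full string, which matches the advice to check the whole address rather than only its first or last characters.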

Key facts

  • Microsoft identified the malware
  • Targets Windows clipboard activity
  • Detects copied cryptocurrency wallet addresses
  • Silently replaces them with attacker-controlled addresses
  • Affects any outgoing crypto transfer using copy-paste